
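Configuring Firewall Security Zones and Security Policies in Huawei eNSP

Source: collected from the web  Date: 2024-08-08

Introduction:
This lab covers the configuration of the Huawei USG6000V firewall. Unlike the USG5500, the USG6000V uses different configuration commands for security policies.

Goal
Enable communication between different zones.

Tools/Materials
win7-64
eNSP

Method/Steps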

1. Build the topology for this lab

One firewall, three routers, and one switch.

2. Configure the interface information on the devices

R1:

    <Huawei>system-view
    Enter system view, return user view with Ctrl+Z.
    sysname R1
    interface GigabitEthernet 0/0/1
    ip address 10.0.10.1 24
    quit
    interface loopback 0
    ip address 10.0.1.1 24

R2:

    <Huawei>system-view
    Enter system view, return user view with Ctrl+Z.
    sysname R2
    interface GigabitEthernet0/0/1
    ip address 10.0.20.1 24
    quit
    interface loopback 0
    ip address 10.0.2.2 24

R3:

    <Huawei>system-view
    Enter system view, return user view with Ctrl+Z.
    sysname R3
    interface GigabitEthernet 0/0/1
    ip address 10.0.30.1 24
    quit
    interface loopback 0
    ip address 10.0.3.3 24

Firewall:

    int GigabitEthernet 0/0/0
    undo ip address
    quit
    interface GigabitEthernet 1/0/0
    ip address 10.0.10.254 24
    quit
    interface GigabitEthernet 1/0/1
    ip address 10.0.20.254 24
    quit
    interface GigabitEthernet 1/0/2
    ip address 10.0.30.254 24
    quit

3. Create the VLANs needed for this lab

Switch S1:

    sysname S1
    vlan batch 11 to 13
    interface GigabitEthernet 0/0/1
    port link-type access
    port default vlan 11
    quit
    interface GigabitEthernet 0/0/2
    port link-type access
    port default vlan 12
    quit
    interface GigabitEthernet 0/0/3
    port link-type access
    port default vlan 13
    quit
    interface GigabitEthernet 0/0/21
    port link-type access
    port default vlan 11
    quit
    interface GigabitEthernet 0/0/22
    port link-type access
    port default vlan 12
    quit
    interface GigabitEthernet 0/0/23
    port link-type access
    port default vlan 13

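4. Configure static routes

Each router gets a default route whose next hop is the firewall address on its own subnet, and the firewall gets a route to each router's loopback network.

R1:

    ip route-static 0.0.0.0 0 10.0.10.254

R2:

    ip route-static 0.0.0.0 0 10.0.20.254

R3:

    ip route-static 0.0.0.0 0 10.0.30.254

Firewall:

    ip route-static 10.0.1.0 24 10.0.10.1
    ip route-static 10.0.2.0 24 10.0.20.1
    ip route-static 10.0.3.0 24 10.0.30.1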

5. Configure the firewall zones

    firewall zone dmz
    add interface GigabitEthernet 1/0/2
    quit
    firewall zone trust
    add interface GigabitEthernet 1/0/1
    undo add interface GigabitEthernet 0/0/0
    quit
    firewall zone untrust
    add interface GigabitEthernet 1/0/0
    quit

6. Configure the firewall security policies

    security-policy
    rule name policy_sec_1
    source-zone trust
    destination-zone untrust
    action permit
    quit
    rule name policy_sec_2
    source-zone trust
    destination-zone dmz
    action permit
    quit
    quit

7. Verify communication between the firewall zones

On R1:

    ping -a 10.0.1.1 10.0.2.2
      PING 10.0.2.2: 56 data bytes, press CTRL_C to break
        Reply from 10.0.2.2: bytes=56 Sequence=1 ttl=254 time=240 ms
        Reply from 10.0.2.2: bytes=56 Sequence=2 ttl=254 time=80 ms
        Reply from 10.0.2.2: bytes=56 Sequence=3 ttl=254 time=50 ms
        Reply from 10.0.2.2: bytes=56 Sequence=4 ttl=254 time=70 ms
        Reply from 10.0.2.2: bytes=56 Sequence=5 ttl=254 time=60 ms

      --- 10.0.2.2 ping statistics ---
        5 packet(s) transmitted
        5 packet(s) received
        0.00% packet loss
        round-trip min/avg/max = 50/100/240 ms

    ping -a 10.0.1.1 10.0.3.3
      PING 10.0.3.3: 56 data bytes, press CTRL_C to break
        Request time out
        Reply from 10.0.3.3: bytes=56 Sequence=2 ttl=254 time=150 ms
        Reply from 10.0.3.3: bytes=56 Sequence=3 ttl=254 time=70 ms
        Reply from 10.0.3.3: bytes=56 Sequence=4 ttl=254 time=70 ms
        Reply from 10.0.3.3: bytes=56 Sequence=5 ttl=254 time=60 ms

      --- 10.0.3.3 ping statistics ---
        5 packet(s) transmitted
        4 packet(s) received
        20.00% packet loss
        round-trip min/avg/max = 60/87/150 ms

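Notes

Pay attention to the priority of the firewall's ports.

When configuring a policy, pay attention to its direction: where the traffic comes from and where it goes to.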
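
The direction point in the note above, as an added example (not code from the original article): a small Python model of the zone membership from step 5 and the two rules from step 6, reporting which rule, if any, a given source-to-destination pair matches. The names `parse_rules`, `zone_of` and `evaluate` are hypothetical, the default action of deny is an assumption the page does not show, and the source zone is approximated by the route to the source address rather than by the ingress interface.

```python
import ipaddress

# Constructed from this page's firewall config: zone per interface, then the
# connected subnets and static routes reachable through each interface.
ZONE_OF_IFACE = {"GE1/0/0": "untrust", "GE1/0/1": "trust", "GE1/0/2": "dmz"}
ROUTES = {"10.0.10.0/24": "GE1/0/0", "10.0.1.0/24": "GE1/0/0",
          "10.0.20.0/24": "GE1/0/1", "10.0.2.0/24": "GE1/0/1",
          "10.0.30.0/24": "GE1/0/2", "10.0.3.0/24": "GE1/0/2"}
POLICY_TEXT = """
security-policy
rule name policy_sec_1
source-zone trust
destination-zone untrust
action permit
rule name policy_sec_2
source-zone trust
destination-zone dmz
action permit
"""
KEYS = ("source-zone", "destination-zone", "action")

def parse_rules(text):
    """Collect each 'rule name' block into a dict of its match conditions."""
    rules = []
    for words in (line.split() for line in text.splitlines()):
        if words[:2] == ["rule", "name"] and len(words) == 3:
            rules.append({"name": words[2]})
        elif rules and len(words) == 2 and words[0] in KEYS:
            rules[-1][words[0]] = words[1]
    return rules

def zone_of(ip):
    """Zone of the interface the firewall routes this address through."""
    addr = ipaddress.ip_address(ip)
    for prefix, iface in ROUTES.items():
        if addr in ipaddress.ip_network(prefix):
            return ZONE_OF_IFACE[iface]
    return None

def evaluate(src_ip, dst_ip, rules, default="deny"):
    """First matching rule wins; an omitted zone condition matches any zone."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    for r in rules:
        if r.get("source-zone", src) == src and r.get("destination-zone", dst) == dst:
            return src, dst, r["name"], r.get("action", default)
    return src, dst, None, default  # assumed default action: deny

if __name__ == "__main__":
    for s, d in [("10.0.2.2", "10.0.1.1"), ("10.0.2.2", "10.0.3.3"),
                 ("10.0.1.1", "10.0.2.2"), ("10.0.3.3", "10.0.2.2")]:
        print(f"{s} -> {d}: {evaluate(s, d, parse_rules(POLICY_TEXT))}")
```

In this model a session opened from 10.0.2.2 (trust) matches policy_sec_1 or policy_sec_2, while one opened from 10.0.1.1 or 10.0.3.3 toward 10.0.2.2 matches neither rule and falls to the default action.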


Article link: http://www.1haoku.cn/art_1086804.html
