h3c防火墙配置实例.docVIP

. 本文为大家介绍一个 H3C 防火墙的配置实例，配置内容包括：配置接口 IP 地址、配置区域、配置 NAT 地址转换、配置访问策略等，组网拓扑及需求如下。 1、网络拓扑图 2、配置要求 1）防火墙的 E0/2 接口为 TRUST 区域， ip 地址是：； 2）防火墙的 E1/2 接口为 UNTRUST 区域， ip 地址是：； 3）内网服务器对外网做一对一的地址映射， 、分别映射为、 ； 4）内网服务器访问外网不做限制，外网访问内网只放通公网地址 访问的 1433 端口和的80 端口。 3、防火墙的配置脚本如下 H3CF100Adis cur # sysname H3CF100A # super password level 3 cipher 6aQQ57-$.I)0;4:\(I41!!! # firewall packet-filter enable firewall packet-filter default permit # insulate # # 1 / 4 . firewall statistic system enable # radius scheme system server-type extended # domain system # local-user net1980 password cipher ###### service-type telnet level 2 # aspf-policy 1 detect h323 detect sqlnet detect rtsp detect http detect smtp detect ftp detect tcp detect udp # # acl number 3001 description out-inside acl number 3002 description inside-to-outside rule 1000 deny ip # interface Aux0 async mode flow # interface Ethernet0/0 shutdown # interface Ethernet0/1 shutdown 2 / 4 . # interface Ethernet0/2 speed 100 duplex full description to server firewall packet-filter 3002 inbound firewall aspf 1 outbound # interface Ethernet0/3 shutdown # interface Ethernet1/0 shutdown # interface Ethernet1/1 shutdown # interface Ethernet1/2 speed 100 duplex full description to internet firewall packet-filter 3001 inbound firewall aspf 1 outbound nat outbound static # interface NULL0 # firewall zone local set priority 100 # firewall zone trust add interface Ethernet0/2 set priority 85 # firewall zone untrust add interface Ethernet1/2 set priority 5 # firewall zone DMZ add interface Ethernet0/3 set priority 50 # 3 / 4 . firewall interzone local trust # firewall interzone local untrust # firewall interzone local DMZ # firewall interzone trust untrust # firewall interzone trust DMZ # firewall interzone DMZ untrust # # user-interface con 0 user-interface aux 0 user-interface vty 0 4 authentication-mode scheme # return 4 / 4