华为防火墙技术基础

博主：远方
发布时间：2021 年 08 月 20 日
639 次浏览
暂无评论
1988字数
分类：数通中级

2021-08-20 154219.png

syst
int g0/0/0
dhcp select interface
 dhcp server gateway-list 192.168.0.1
 dhcp server dns-list 100.100.2.100

int g0/0/1
ip add 100.100.100.1 24

int g0/0/2
ip add 172.16.1.1 24
q
firewall zone untrust 
 add int g0/0/1
q
firewall zone dmz 
 add interface g0/0/2
q
policy interzone trust untrust outbound 
policy 1
action permit
q
policy interzone untrust dmz inbound 
policy 2
action permit
q
ip route-s 0.0.0.0 0.0.0.0 100.100.100.2

user-interf con 0
idle-t 0 0
q

syst
sysn SW
vlan ba 2 3 4 10
int vlan 10
ip add 100.100.100.2 24
int vlan 1
ip add 100.100.1.1 24
int vlan 2
ip add 100.100.2.1 24
int vlan 3
ip add 100.100.3.1 24
int vlan 4
ip add 100.100.4.1 24

int eth 0/0/10
port link-t ac
port default vlan 10 
int eth 0/0/1
port link-t ac
port default vlan 1 
int eth 0/0/2
port link-t ac
port default vlan 2 
int eth 0/0/3
port link-t ac
port default vlan 3 
int eth 0/0/4
port link-t ac
port default vlan 4 

user-interf con 0
idle-t 0 0
q

映射内部(DMZ)服务器

nat server protocol tcp global 100.100.100.172 80 inside 172.16.1.101 80
nat server protocol tcp global 100.100.100.172 21 inside 172.16.1.101 21
dis nat server

sys
firew interzone untrust dmz
 detect ftp
firew interzone trust untrust
 detect qq

dis firew server-map

1.


sys
firew blacklist item 192.168.0.2 timeout 2
firew blacklist enable
dis firew blacklist item

2.

firewall defend ip-sweep enable
firewall defend ip-sweep max-rate 2
firewall defend ip-sweep blacklist-timeout 20
firewall blacklist enable
dis firew blacklist item

最后修改：2023 年 05 月 02 日

© 允许规范转载

如果觉得我的文章对你有用，请随意赞赏

发表评论取消回复
使用cookie技术保留您的个人信息以便您下次快速评论，继续评论表示您已同意该条款

评论 *

私密评论

名称 *

🎲

邮箱 *

地址

华为防火墙技术基础

远方 • 2021 年 08 月 20 日

<p><img src="https://www.runyf.cn/usr/uploads/2021/08/461962711.png" alt="2021-08-20 154219.png" title="2021-08-20 154219.png" style=""></p><p><div class="tab-container post_tab box-shadow-wrap-lg">
<ul class="nav no-padder b-b scroll-hide" role="tablist">
<li class='nav-item active' role="presentation"><a class='nav-link active' style="" data-toggle="tab" 
aria-controls='tabs-406555af5b91d9dd4bc3822838fdcac5200' role="tab" data-target='#tabs-406555af5b91d9dd4bc3822838fdcac5200'>FW</a></li><li class='nav-item ' role="presentation"><a class='nav-link ' style="" data-toggle="tab" 
aria-controls='tabs-30ceda32cfd5f373b6146b5c07cf0d4a61' role="tab" data-target='#tabs-30ceda32cfd5f373b6146b5c07cf0d4a61'>SW</a></li><li class='nav-item ' role="presentation"><a class='nav-link ' style="" data-toggle="tab" 
aria-controls='tabs-456bd7dd16e74720db8b1efe32bbd7ff02' role="tab" data-target='#tabs-456bd7dd16e74720db8b1efe32bbd7ff02'>FW-NAT-Server</a></li><li class='nav-item ' role="presentation"><a class='nav-link ' style="" data-toggle="tab" 
aria-controls='tabs-5d56fa906eaca731b56d6e5d566c192a943' role="tab" data-target='#tabs-5d56fa906eaca731b56d6e5d566c192a943'>aspf</a></li><li class='nav-item ' role="presentation"><a class='nav-link ' style="" data-toggle="tab" 
aria-controls='tabs-21caf146b2d62f3d72cbb2f0be6227cd724' role="tab" data-target='#tabs-21caf146b2d62f3d72cbb2f0be6227cd724'>Blacklist</a></li>
</ul>
<div class="tab-content no-border">
<div role="tabpanel" id='tabs-406555af5b91d9dd4bc3822838fdcac5200' class="tab-pane fade active in">
            </p><pre><code class="lang-shell">syst
int g0/0/0
dhcp select interface
 dhcp server gateway-list 192.168.0.1
 dhcp server dns-list 100.100.2.100

int g0/0/1
ip add 100.100.100.1 24

int g0/0/2
ip add 172.16.1.1 24
q
firewall zone untrust 
 add int g0/0/1
q
firewall zone dmz 
 add interface g0/0/2
q
policy interzone trust untrust outbound 
policy 1
action permit
q
policy interzone untrust dmz inbound 
policy 2
action permit
q
ip route-s 0.0.0.0 0.0.0.0 100.100.100.2

user-interf con 0
idle-t 0 0
q</code></pre><p></div><div role="tabpanel" id='tabs-30ceda32cfd5f373b6146b5c07cf0d4a61' class="tab-pane fade  ">
            </p><pre><code class="lang-shell">syst
sysn SW
vlan ba 2 3 4 10
int vlan 10
ip add 100.100.100.2 24
int vlan 1
ip add 100.100.1.1 24
int vlan 2
ip add 100.100.2.1 24
int vlan 3
ip add 100.100.3.1 24
int vlan 4
ip add 100.100.4.1 24

int eth 0/0/10
port link-t ac
port default vlan 10 
int eth 0/0/1
port link-t ac
port default vlan 1 
int eth 0/0/2
port link-t ac
port default vlan 2 
int eth 0/0/3
port link-t ac
port default vlan 3 
int eth 0/0/4
port link-t ac
port default vlan 4

user-interf con 0
idle-t 0 0
q</code></pre><p></div><div role="tabpanel" id='tabs-456bd7dd16e74720db8b1efe32bbd7ff02' class="tab-pane fade  ">
            </p><h4>映射内部(DMZ)服务器</h4><pre><code class="lang-shell">nat server protocol tcp global 100.100.100.172 80 inside 172.16.1.101 80
nat server protocol tcp global 100.100.100.172 21 inside 172.16.1.101 21
dis nat server</code></pre><p></div><div role="tabpanel" id='tabs-5d56fa906eaca731b56d6e5d566c192a943' class="tab-pane fade  ">
            </p><pre><code class="lang-shell">sys
firew interzone untrust dmz
 detect ftp
firew interzone trust untrust
 detect qq

dis firew server-map</code></pre><p></div><div role="tabpanel" id='tabs-21caf146b2d62f3d72cbb2f0be6227cd724' class="tab-pane fade  ">
            </p><h4>1.</h4><pre><code class="lang-shell">
sys
firew blacklist item 192.168.0.2 timeout 2
firew blacklist enable
dis firew blacklist item</code></pre><h4>2.</h4><pre><code class="lang-shell">firewall defend ip-sweep enable
firewall defend ip-sweep max-rate 2
firewall defend ip-sweep blacklist-timeout 20
firewall blacklist enable
dis firew blacklist item</code></pre><p></div>
</div>
</div></p>