2024H3C防火墙2区域配置案例VIP免费

2022H3C防火墙2区域配置案例H3C防火墙2区域配置案例基于多年参加电力行业信息化的阅历，H3C公司推出电力信息网络平安加固解决方案，该解决方案主要由对终端平安防护和平安管理中心等关键部件组成。那么H3C防火墙2区域是怎么配置的呢?下面跟yjbys我一起来看看!1、配置要求1)防火墙的E0/2接口为TRUST区域，ip地址是：192.168.254.1/29;第1页共17页2)防火墙的E1/2接口为UNTRUST区域，ip地址是：202.111.0.1/27;3)内网服务器对外网做一对一的地址映射，192.168.254.2、192.168.254.3分别映射为202.111.0.2、202.111.0.3;4)内网服务器访问外网不做限制，外网访问内网只放通公网地址211.101.5.49访问192.168.254.2的`1433端口和192.168.254.3的80端口。2、防火墙的配置脚本如下第2页共17页discur#sysnameH3CF100A#superpasswordlevel3cipher6aQ>Q57-$.I)0;4:\(I41!!!#firewallpacket-filterenablefirewallpacket-filterdefaultpermit第3页共17页#insulate#natstaticinsideip192.168.254.2globalip202.111.0.2natstaticinsideip192.168.254.3globalip202.111.0.3#firewallstatisticsystemenable#radiusschemesystem第4页共17页server-typeextended#domainsystem#local-usernet1980passwordcipher######service-typetelnetlevel2#第5页共17页aspf-policy1detecth323detectsqlnetdetectrtspdetecthttpdetectsmtpdetectftpdetecttcpdetectudp第6页共17页#objectaddress192.168.254.2/32192.168.254.2255.255.255.255objectaddress192.168.254.3/32192.168.254.3255.255.255.255#aclnumber3001descriptionout-insiderule1permittcpsource211.101.5.490destination第7页共17页192.168.254.20destination-porteq1433rule2permittcpsource211.101.5.490destination192.168.254.30destination-porteqwwwrule1000denyipaclnumber3002descriptioninside-to-outsiderule1permitipsource192.168.254.20rule2permitipsource192.168.254.30rule1000denyip第8页共17页#interfaceAux0asyncmodeflow#interfaceEthernet0/0shutdown#interfaceEthernet0/1shutdown第9页共17页#interfaceEthernet0/2speed100duplexfulldescriptiontoserveripaddress192.168.254.1255.255.255.248firewallpacket-filter3002inboundfirewallaspf1outbound#第10页共17页interfaceEthernet0/3shutdown#interfaceEthernet1/0shutdown#interfaceEthernet1/1shutdown#第11页共17页interfaceEthernet1/2speed100duplexfulldescriptiontointernetipaddress202.111.0.1255.255.255.224firewallpacket-filter3001inboundfirewallaspf1outboundnatoutboundstatic#第12页共17页interfaceNULL0#firewallzonelocalsetpriority100#firewallzonetrustaddinterfaceEthernet0/2setpriority85#第13页共17页firewallzoneuntrustaddinterfaceEthernet1/2setpriority5#firewallzoneDMZaddinterfaceEthernet0/3setpriority50#firewallinterzonelocaltrust第14页共17页#firewallinterzonelocaluntrust#firewallinterzonelocalDMZ#firewallinterzonetrustuntrust#firewallinterzonetrustDMZ#第15页共17页firewallinterzoneDMZuntrust#iproute-static0.0.0.00.0.0.0202.111.0.30preference60#user-interfacecon0user-interfaceaux0user-interfacevty04authentication-modescheme第16页共17页#本文来源：网络收集与整理，如有侵权，请联系作者删除，谢谢！第17页共17页