拓扑图
这里要用的防火墙是
,
需要导入
目录
[trust ping 防火墙](#trust ping 防火墙)
防火墙配置1(启动图形化界面)
防火墙FW1默认账号密码为:用户名为:admin,密码为:Admin@123
然后输入后根据要求修改密码
system-view
sysname FM1
web-manager enable
interface g0/0/0
ip address 192.168.0.11 24
service-manage all permit
display thiscloud配置
配置网卡
然后就可以主机ping通了
访问https://192.168.0.11:8443,即可出现图形化界面
缓冲区服务器配置
防火墙配置2(各端口的ip地址)
sys
sysname FW
int g1/0/1
ip address 192.168.1.1 24
int g1/0/0
ip address 166.66.66.1 24
int g1/0/2
ip address 123.45.67.1 24
dis ip int brief
外部路由器配置
sys
un in en
sysname Untrust_R2
int e0/0/0
undo portswitch
ip address 166.66.66.66 24
quit
ip route-static 0.0.0.0 0 166.66.66.1有时后会出现
这时用undo portswitch将该接口切换到3层
本地路由器配置
sys
un in en
sysname Trust_R1
int e0/0/0
undo portswitch
ip address 192.168.1.6 24
quit
ip route-static 0.0.0.0 0 192.168.1.1
dis ip routing-table防火墙配置3(配置安全策略)
区域划分
sys
firewall zone trust
add int g1/0/1
quit
firewall zone dmz
add int g1/0/2
quit
firewall zone untrust
add int g1/0/0trust访问dmz
sys
security-policy
rule name trust_dmz
source-zone trust
destination-zone dmz
action permit成功
trust访问untrust
sys
security-policy
rule name trsut_untrust
source-zone trust
destination-zone untrust
action permit
quit
quit
nat-policy
rule name trust_untrsut
source-zone trust
egress-interface g1/0/0
action source-nat easy-ip这里要加一个nat转化
成功
外网(untrust)访问dmz
sys
security-policy
rule name untrust_dmz
source-zone untrust
destination-zone dmz
action permit成功
trust ping 防火墙
sys
int g1/0/1
service-manage ping permit成功
防火墙全访问
可以看到这时防火墙反过来ping不行
security-policy
rule name ping_every
source-zone local
destination-zone any
action permit
我们在图形化界面也可以看到我们的配置信息:
