The HTTPS management port can also be changed, for the case where it conflicts with another login service:
security enable port 10443
Steps: divide the security zones, configure the IP address on g0/0/0, configure the login account, enable the STelnet service, create the RSA key pair, configure the SSH user's password authentication and service type, enable AAA authentication and SSH under the VTY lines, and enable SSH management on the interface.
Once logged in to the firewall, pinging outward from the device itself also fails, so add a policy that lets the local zone ping anything:
[USG6000V1]security-policy
[USG6000V1-policy-security]rule name LtoANY
[USG6000V1-policy-security-rule-LtoANY]dis this
2024-07-14 07:13:02.560
#
rule name LtoANY
source-zone local
action permit
#
return
interface GigabitEthernet1/0/1.10
vlan-type dot1q 10
ip address 10.1.10.12 255.255.255.0
#
interface GigabitEthernet1/0/1.100
vlan-type dot1q 100
ip address 10.0.0.12 255.255.255.0
After configuring the subinterfaces, they must be added to a security zone, otherwise they are useless!!!
Lab objective: use the firewall to make the three zones "interconnect", so that PC1 and PC2 can reach AR1 and AR2.
// Configure the cloud device cloud1
Configure the IP address of the firewall interface connected to the cloud, and configure web login to the firewall:
aaa
manager-user admin
password cipher hauwei@123
service-type web terminal telnet ssh
level 15
#
interface GigabitEthernet0/0/0
ip address 192.168.198.254 255.255.255.0
service-manage http permit
service-manage https permit
#
rsa local-key-pair create
#
ssh user admin service-type stelnet
ssh user admin authentication-type password
#
user-interface vty 0 4
authentication-mode aaa
protocol inbound ssh
#
stelnet server enable
Log in to the web management UI of the firewall at https://192.168.198.254:8443
firewall zone trust
set priority 85
add interface GigabitEthernet0/0/0
add interface GigabitEthernet1/0/0
#
firewall zone dmz
set priority 50
add interface GigabitEthernet1/0/2
#
firewall zone untrust
set priority 5
add interface GigabitEthernet1/0/1
#
FW:
ospf 1 router-id 0.0.0.1
area 0.0.0.0
network 12.1.1.0 0.0.0.255
network 21.1.1.0 0.0.0.255
network 192.168.10.0 0.0.0.255
#
AR1:
ospf 1 router-id 1.1.1.1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 12.1.1.0 0.0.0.255
#
AR2:
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 21.1.1.0 0.0.0.255
// No return-direction policy is needed; configuring a single direction is enough
security-policy
// Traffic initiated from the local zone to all other zones is allowed
rule name LtoANY
source-zone local
action permit
// Trust to untrust communication -- the key is to configure service ICMP (without it, traffic does not pass!!!)
rule name TtoUN
source-zone trust
destination-zone untrust
service icmp
action permit
// Policy allowing OSPF between the zones
rule name ospf
source-zone dmz
source-zone local
source-zone untrust
destination-zone dmz
destination-zone local
destination-zone untrust
service ospf
action permit
// DMZ to Untrust
rule name DtoUN
source-zone dmz
destination-zone untrust
action permit
// Trust to DMZ
rule name TtoD
source-zone trust
destination-zone dmz
action permit
// DMZ to Trust (the rule needs an explicit action permit like the others, otherwise it does not allow the traffic)
rule name DtoT
source-zone dmz
destination-zone trust
action permit
#
return
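As an added example (not part of the original notes), here is a small Python linter that reads a saved USG/VRP-style configuration and reports the two pitfalls these notes call out: an interface that got an IP address but was never added to a security zone, and a security-policy rule with no action line. The sample configuration is constructed to mirror the notes; flagging a rule without an explicit action as something to review is an assumption of the check, not a claim about the firewall's default.

```python
def parse_vrp(config):
    """Extract interfaces carrying an IP, zone membership and policy rules from VRP text."""
    ip_ifaces, zone_ifaces, rules = set(), set(), []
    block, rule = None, None   # block: ("interface", name) | ("zone", name) | ("policy",)
    for raw in config.splitlines():
        t = raw.split()
        if not t or t[0] == "#":            # a bare '#' ends a block in VRP output
            block, rule = None, None
        elif t[0] == "interface":
            block, rule = ("interface", t[1]), None
        elif t[:2] == ["firewall", "zone"]:
            block, rule = ("zone", t[2]), None
        elif t[0] == "security-policy":
            block = ("policy",)
        elif block and block[0] == "interface" and t[:2] == ["ip", "address"]:
            ip_ifaces.add(block[1])         # has an address, so it must live in a zone
        elif block and block[0] == "zone" and t[:2] == ["add", "interface"]:
            zone_ifaces.add(t[2])
        elif block == ("policy",) and t[:2] == ["rule", "name"]:
            rule = {"name": t[2], "action": None}
            rules.append(rule)
        elif rule is not None and t[0] == "action":
            rule["action"] = t[1]
    return ip_ifaces, zone_ifaces, rules

def lint(config):
    """Report the two pitfalls the notes call out, as human-readable findings."""
    ip_ifaces, zone_ifaces, rules = parse_vrp(config)
    findings = [f"interface {n} has an IP address but is in no security zone"
                for n in sorted(ip_ifaces - zone_ifaces)]
    # Assumption: a rule without an explicit action is flagged for review, not trusted to permit.
    findings += [f"rule {r['name']} has no explicit action" for r in rules if r["action"] is None]
    return findings

# Constructed sample mirroring the notes: subinterface .10 gets an IP but no zone; DtoT has no action.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1.10
 ip address 10.1.10.12 255.255.255.0
#
firewall zone untrust
 add interface GigabitEthernet1/0/1
#
security-policy
 rule name DtoT
  source-zone dmz
  destination-zone trust
 rule name TtoUN
  source-zone trust
  destination-zone untrust
  service icmp
  action permit
"""
```

Running `lint(SAMPLE_CONFIG)` returns one finding for GigabitEthernet1/0/1.10 and one for rule DtoT; a config where every addressed interface is in a zone and every rule has an action returns an empty list.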
Copyright notice: unless otherwise stated, articles on this site are original works of 扬州驻场服务-网络设备调试-监控维修-南京泽同信息科技有限公司; when reprinting, please cite the source and include a link to this article.