ENSP Lab 1: Basic Firewall Configuration
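1. Build the topology

Configure the IP addresses of the client (internal network) and the FTP server (external network).

Client settings:

Server settings: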
2. Name the firewall

Log in to the firewall and enter the password (default: admin@123).

    system-view  //enter system view
    [USG6000V1]sysname FW1  //set the device name to FW1

3. Configure the security zones

    [FW1]firewall zone trust
    [FW1-zone-trust]add int g1/0/0
    [FW1]firewall zone untrust
    [FW1-zone-untrust]add int g1/0/2

4. Configure the IP addresses

    [FW1]int g1/0/0
    [FW1-GigabitEthernet1/0/0]ip address 192.168.2.254 24
    [FW1]int g1/0/2
    [FW1-GigabitEthernet1/0/2]ip address 200.1.1.1 24
    [FW1-GigabitEthernet1/0/2]dis ip int b  //show the interface IP summary
    *down: administratively down
    ^down: standby
    (l): loopback
    (s): spoofing
    (d): Dampening Suppressed
    (E): E-Trunk down
    The number of interface that is UP in Physical is 4
    The number of interface that is DOWN in Physical is 6
    The number of interface that is UP in Protocol is 4
    The number of interface that is DOWN in Protocol is 6

    Interface                  IP Address/Mask      Physical   Protocol
    GigabitEthernet0/0/0       192.168.0.1/24       down       down
    GigabitEthernet1/0/0       192.168.2.254/24     up         up
    GigabitEthernet1/0/1       unassigned           down       down
    GigabitEthernet1/0/2       200.1.1.1/24         up         up
    GigabitEthernet1/0/3       unassigned           down       down
    GigabitEthernet1/0/4       unassigned           down       down
    GigabitEthernet1/0/5       unassigned           down       down
    GigabitEthernet1/0/6       unassigned           down       down
    NULL0                      unassigned           up         up(s)
    Virtual-if0                unassigned           up         up(s)
    [FW1-GigabitEthernet1/0/2]

5. Configure the security policy

    [FW1]security-policy  //enter security policy view
    [FW1-policy-security]rule name test  //name the rule
    [FW1-policy-security-rule-test]source-zone trust  //source zone
    [FW1-policy-security-rule-test]destination-zone untrust  //destination zone
    [FW1-policy-security-rule-test]source-address 192.168.2.0 mask 255.255.255.0  //source address
    [FW1-policy-security-rule-test]destination-address 200.1.1.0 mask 255.255.255.0  //destination address
    [FW1-policy-security-rule-test]service icmp  //traffic type
    [FW1-policy-security-rule-test]action permit  //action: permit

6. Ping test

Continue configuring the security policy so that the server can ping the client.
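The following added example (not part of the original lab) models how the firewall matches the first packet of a new session against the rule from step 5, showing why the server cannot ping the client until a rule in the untrust-to-trust direction exists. The host addresses and the rule name test-reverse are assumptions, and the model relies on the security policy's default action being deny.

```python
# Added illustration: models first-packet matching of a zone-based security policy.
# Zones, interfaces and subnets are from the lab; rule "test-reverse" is hypothetical.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Interface-to-zone binding and interface subnets configured in steps 3 and 4.
ZONE_OF_SUBNET = {
    ip_network("192.168.2.0/24"): "trust",    # g1/0/0
    ip_network("200.1.1.0/24"): "untrust",    # g1/0/2
}

@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str
    dst_zone: str
    src_net: str
    dst_net: str
    service: str
    action: str

def zone_of(ip):
    """Return the zone whose subnet contains ip, or None if unknown."""
    addr = ip_address(ip)
    return next((z for net, z in ZONE_OF_SUBNET.items() if addr in net), None)

def evaluate(rules, src, dst, service):
    """First matching rule decides a new session; otherwise default deny."""
    sz, dz = zone_of(src), zone_of(dst)
    for r in rules:
        if (r.src_zone, r.dst_zone, r.service) == (sz, dz, service) \
                and ip_address(src) in ip_network(r.src_net) \
                and ip_address(dst) in ip_network(r.dst_net):
            return r.name, r.action
    return "default", "deny"

# Rule "test" exactly as configured in step 5.
TEST = Rule("test", "trust", "untrust", "192.168.2.0/24", "200.1.1.0/24", "icmp", "permit")
# Hypothetical mirror rule for step 6 (server pings client); the name is an assumption.
REVERSE = Rule("test-reverse", "untrust", "trust", "200.1.1.0/24", "192.168.2.0/24", "icmp", "permit")

CLIENT, SERVER = "192.168.2.1", "200.1.1.2"   # constructed host addresses

if __name__ == "__main__":
    print(evaluate([TEST], CLIENT, SERVER, "icmp"))           # client -> server
    print(evaluate([TEST], SERVER, CLIENT, "icmp"))           # server -> client, step 5 only
    print(evaluate([TEST, REVERSE], SERVER, CLIENT, "icmp"))  # after the mirror rule
    print(evaluate([TEST, REVERSE], CLIENT, SERVER, "ftp"))   # FTP was never permitted
```

The model covers only the packet that opens a session; echo replies to a permitted ping return through the firewall's session table and need no rule of their own.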