devbox
Cpp五条
这个屌丝很懒,什么也没留下!
关注作者
热门标签
热门文章
当前位置:   article > 正文

ENSP实验一:防火墙基础配置_ensp防火墙配置

作者:Cpp五条 | 2024-04-15 18:27:25

ensp防火墙配置

1、搭建拓扑图

配置client(内网)、FTP Server(外网)的IP地址

客户端设置:

服务端设置:

 

2、配置防火墙命名

进入防火墙,输入密码:默认为admin@123

  1. <USG6000V1>system-view  //进入系统模式
  2. [USG6000V1]sysname FW1  //命名为FW1

3、配置安全区域

  1. [FW1]firewall zone trust 
  2. [FW1-zone-trust]add int g1/0/0
  3.  
  4. [FW1]firewall zone untrust 
  5. [FW1-zone-untrust]add int g1/0/2

4、配置IP地址

  1. [FW1]int g1/0/0
  2. [FW1-GigabitEthernet1/0/0]ip address 192.168.2.254 24
  3. [FW1]int g1/0/2
  4. [FW1-GigabitEthernet1/0/2]ip address 200.1.1.1 24
  1. [FW1-GigabitEthernet1/0/2]dis ip int b  //查看接口IP信息
  2.  
  3.  
  4. *down: administratively down
  5. ^down: standby
  6. (l): loopback
  7. (s): spoofing
  8. (d): Dampening Suppressed
  9. (E): E-Trunk down
  10. The number of interface that is UP in Physical is 4
  11. The number of interface that is DOWN in Physical is 6
  12. The number of interface that is UP in Protocol is 4
  13. The number of interface that is DOWN in Protocol is 6
  14.  
  15. Interface                         IP Address/Mask      Physical   Protocol  
  16. GigabitEthernet0/0/0              192.168.0.1/24       down       down      
  17. GigabitEthernet1/0/0              192.168.2.254/24     up         up        
  18. GigabitEthernet1/0/1              unassigned           down       down      
  19. GigabitEthernet1/0/2              200.1.1.1/24         up         up        
  20. GigabitEthernet1/0/3              unassigned           down       down      
  21. GigabitEthernet1/0/4              unassigned           down       down      
  22. GigabitEthernet1/0/5              unassigned           down       down      
  23. GigabitEthernet1/0/6              unassigned           down       down      
  24. NULL0                             unassigned           up         up(s)     
  25. Virtual-if0                       unassigned           up         up(s)     
  26.  
  27. [FW1-GigabitEthernet1/0/2]

5、配置安全策略

  1. [FW1]security-policy  //进入安全配置模式
  2. [FW1-policy-security]rule name test    //取名字
  3. [FW1-policy-security-rule-test]source-zone trust     //源区域
  4. [FW1-policy-security-rule-test]destination-zone untrust     //目标区域
  5. [FW1-policy-security-rule-test]source-address 192.168.2.0 mask 255.255.255.0    //源地址
  6. [FW1-policy-security-rule-test]destination-address 200.1.1.0 mask 255.255.255.0	   //目标地址
  7. [FW1-policy-security-rule-test]service icmp  //流量类型
  8. [FW1-policy-security-rule-test]action permit   //行为为允许

6、ping测试

继续配置安全策略,实现服务器ping客户端

声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/Cpp五条/article/detail/429400
推荐阅读
相关标签

Copyright © 2003-2013 www.wpsshop.cn 版权所有,并保留所有权利。

  

闽ICP备14008679号