
Huawei USG6000V Firewall Study

程序员文章站 2024-03-20 23:50:46


Lab example:
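Lab requirements:
1. Log in to the firewall, change the initial password, and save the settings;

2. Enable the HTTPS service on the relevant interface, change the interface IP address, and log in to the firewall's web console from a browser;
Format: https://<interface IP address>:8443

3. Enable the ping service on the relevant interface, and ping the interface's IP address from the local Windows PowerShell command line;

4. Create firewall policies so that the interface's IP address can be pinged from the local Windows PowerShell command line and the firewall can communicate with the local host.

Lab configuration: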

User interface con0 is available



Please Press ENTER.


Login authentication


Username:admin
Password:
*************************************************************************
*         Copyright (C) 2014-2018 Huawei Technologies Co., Ltd.         *
*                           All rights reserved.                        *
*               Without the owner's prior written consent,              *
*        no decompiling or reverse-engineering shall be allowed.        *
*************************************************************************


<USG6000V1>
<USG6000V1>system-view 
Enter system view, return user view with Ctrl+Z.
[USG6000V1]interface GigabitEthernet 0/0/0
[USG6000V1-GigabitEthernet0/0/0]dis thi
2020-09-04 01:01:49.780 
#
interface GigabitEthernet0/0/0
 undo shutdown
 ip binding vpn-instance default
 ip address 192.168.100.15 255.255.255.0
 alias GE0/METH
 service-manage https permit
 service-manage ping permit
#
return
[USG6000V1-GigabitEthernet0/0/0]

On the interface, the ping service is permitted so that the interface can communicate with the local host.
Enable the HTTPS service and log in to the firewall's management console from a browser.
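Create a firewall policy so that the interface and the local host can communicate normally.
The configuration is as follows: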

<USG6000V1>system-view
Enter system view, return user view with Ctrl+Z.
[USG6000V1]security-policy 
[USG6000V1-policy-security]rule name T2L_ping
Sep  4 2020 01:13:35 USG6000V1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.191.3.1 configurations have been changed. The current change number is 6, the change loop count is 0, and the maximum number of records is 4095.
[USG6000V1-policy-security-rule-T2L_ping]source-zone trust 
[USG6000V1-policy-security-rule-T2L_ping]destination-zone local 
[USG6000V1-policy-security-rule-T2L_ping]
Sep  4 2020 01:13:55 USG6000V1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.191.3.1 configurations have been changed. The current change number is 8, the change loop count is 0, and the maximum number of records is 4095.
[USG6000V1-policy-security-rule-T2L_ping]source-address 192.168.100.1 32  
Sep  4 2020 01:14:25 USG6000V1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.191.3.1 configurations have been changed. The current change number is 9, the change loop count is 0, and the maximum number of records is 4095.
[USG6000V1-policy-security-rule-T2L_ping]service icmp
[USG6000V1-policy-security-rule-T2L_ping]dis thi
2020-09-04 01:15:02.670 
#
 rule name T2L_ping
  source-zone trust
  destination-zone local
  source-address 192.168.100.1 mask 255.255.255.255
  service icmp
  (not configure the action)
#
return
[USG6000V1-policy-security-rule-T2L_ping]
Sep  4 2020 01:15:05 USG6000V1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.191.3.1 configurations have been changed. The current change number is 10, the change loop count is 0, and the maximum number of records is 4095.
[USG6000V1-policy-security-rule-T2L_ping]action permit 
[USG6000V1-policy-security-rule-T2L_ping]dis thi
2020-09-04 01:15:34.550 
#
 rule name T2L_ping
  source-zone trust
  destination-zone local
  source-address 192.168.100.1 mask 255.255.255.255
  service icmp
  action permit
#
return

Create a firewall policy for traffic leaving through the interface.
The configuration is as follows:

[USG6000V1]security-policy
[USG6000V1-policy-security]rule name L2T_ping
[USG6000V1-policy-security-rule-L2T_ping]source-zone local 
[USG6000V1-policy-security-rule-L2T_ping]destination-zone trust 
[USG6000V1-policy-security-rule-L2T_ping]source-address 192.168.100.15 32  
[USG6000V1-policy-security-rule-L2T_ping]destination-address 192.168.100.1 32
[USG6000V1-policy-security-rule-L2T_ping]service icmp
[USG6000V1-policy-security-rule-L2T_ping]action permit 
[USG6000V1-policy-security-rule-L2T_ping]dis thi
2020-09-04 01:41:04.390 
#
 rule name L2T_ping
  source-zone local
  destination-zone trust
  source-address 192.168.100.15 mask 255.255.255.255
  destination-address 192.168.100.1 mask 255.255.255.255
  service icmp
  action permit
#
return
[USG6000V1-policy-security-rule-L2T_ping]
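
An added example, not part of the original post: a Python check that parses `display this` rule output like the two policy blocks above and flags rules left without an action (the intermediate T2L_ping state) or that permit traffic without a source-address or service restriction. The `any_to_local` rule and the function names are hypothetical, introduced only for illustration.

```python
import re

# Constructed sample: the T2L_ping (before "action permit") and L2T_ping rule
# output shown on this page, plus a hypothetical over-broad rule for contrast.
SAMPLE = """\
 rule name T2L_ping
  source-zone trust
  destination-zone local
  source-address 192.168.100.1 mask 255.255.255.255
  service icmp
  (not configure the action)
 rule name L2T_ping
  source-zone local
  destination-zone trust
  source-address 192.168.100.15 mask 255.255.255.255
  destination-address 192.168.100.1 mask 255.255.255.255
  service icmp
  action permit
 rule name any_to_local
  source-zone trust
  destination-zone local
  action permit
"""

def parse_rules(text):
    """Split `display this` rule output into {rule name: [setting lines]}."""
    rules, current = {}, None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r"rule name (\S+)$", line)
        if m:
            current = rules[m.group(1)] = []  # a later snapshot replaces an earlier one
        elif current is not None and line not in ("", "#", "return"):
            current.append(line)
    return rules

def audit(text):
    """Return {rule name: [findings]} for rules worth a second look."""
    findings = {}
    for name, lines in parse_rules(text).items():
        keys = {ln.split()[0] for ln in lines}
        issues = []
        if "action" not in keys:
            issues.append("no action configured")
        elif "action permit" in lines:
            issues += [f"permit without {k}" for k in ("source-address", "service") if k not in keys]
        if issues:
            findings[name] = issues
    return findings

print(audit(SAMPLE))
```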

Change the ICMP session timeout and query it.
