Telnet security on the firewall
1: Configure IP addresses
<Huawei>sys
[Huawei]sys User1
[User1]un in en
[User1]int g0/0/0
[User1-GigabitEthernet0/0/0]ip add 10.1.1.1 24
<Huawei>sys
[Huawei]sys User2
[User2]un in en
[User2]int g0/0/0
[User2-GigabitEthernet0/0/0]ip add 192.168.1.1 24
<Huawei>sys
[Huawei]sys User3
[User3]un in en
[User3]int g0/0/0
[User3-GigabitEthernet0/0/0]ip add 172.16.1.1 24
<USG6000V1>sys
[USG6000V1]sys FW1
[FW1]un in en
[FW1]int g1/0/1
[FW1-GigabitEthernet1/0/1]ip add 10.1.1.254 24
[FW1-GigabitEthernet1/0/1]int g1/0/2
[FW1-GigabitEthernet1/0/2]ip add 192.168.1.254 24
[FW1-GigabitEthernet1/0/2]int g1/0/3
[FW1-GigabitEthernet1/0/3]ip add 172.16.1.254 24
2: Configure default routes
[User1]ip route-static 0.0.0.0 0 10.1.1.254
[User2]ip route-static 0.0.0.0 0 192.168.1.254
[User3]ip route-static 0.0.0.0 0 172.16.1.254
2.5: Configure telnet
[User3]user-interface vty 0 4 // This exercise configures a simple telnet; for other configurations, see the earlier blog posts
[User3-ui-vty0-4]authentication-mode password
[User3-ui-vty0-4]set authentication password cipher 123456
[User3-ui-vty0-4]user privilege level 3
3: Add the firewall interfaces to zones
[FW1]firewall zone trust
[FW1-zone-trust]add interface g1/0/1
[FW1-zone-trust]q
[FW1]firewall zone name ISP1
[FW1-zone-ISP1]set priority 40
[FW1-zone-ISP1]add interface g1/0/2
[FW1-zone-ISP1]q
[FW1]firewall zone name ISP2
[FW1-zone-ISP2]set priority 45
[FW1-zone-ISP2]add interface g1/0/3
[FW1-zone-ISP2]q
4: Configure policies
[FW1]security-policy // Policy 1 allows User1 to access the other two network segments
[FW1-policy-security]rule name User1_ISP_1_2
[FW1-policy-security-rule-User1_ISP_1_2]source-zone trust
[FW1-policy-security-rule-User1_ISP_1_2]destination-zone ISP1 ISP2
[FW1-policy-security-rule-User1_ISP_1_2]source-address 10.1.1.1 32
[FW1-policy-security-rule-User1_ISP_1_2]destination-address 192.168.1.0 24
[FW1-policy-security-rule-User1_ISP_1_2]destination-address 172.16.1.0 24
[FW1-policy-security-rule-User1_ISP_1_2]action permit
[FW1-policy-security-rule-User1_ISP_1_2]q
[FW1-policy-security]rule name User_Tel_User3 // Policy 2 forbids User1 from telnetting to User3
[FW1-policy-security-rule-User_Tel_User3]source-zone trust
[FW1-policy-security-rule-User_Tel_User3]destination-zone ISP2
[FW1-policy-security-rule-User_Tel_User3]source-address 10.1.1.1 32
[FW1-policy-security-rule-User_Tel_User3]destination-address 172.16.1.1 32
[FW1-policy-security-rule-User_Tel_User3]service telnet
[FW1-policy-security-rule-User_Tel_User3]action deny
[FW1-policy-security-rule-User_Tel_User3]q
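###### Policies are evaluated from top to bottom, and policy 2 was configured after policy 1,
###### so policy 2 has to be moved in front of policy 1, using the following command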
[FW1-policy-security]rule move User_Tel_User3 before User1_ISP_1_2
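The effect of the rule order can be checked offline with a small first-match evaluator. This is an added example, not part of the original post and not Huawei code: the tuple layout, the function names and the default-deny fallback are assumptions of the sketch, while the rule names, zones and addresses are the ones configured above.

```python
from ipaddress import ip_address, ip_network

# Rules transcribed from step 4. Layout (assumed for this sketch):
# (name, src_zone, dst_zones, src_net, dst_nets, tcp_port or None, action)
PERMIT_ALL = ("User1_ISP_1_2", "trust", {"ISP1", "ISP2"}, "10.1.1.1/32",
              ["192.168.1.0/24", "172.16.1.0/24"], None, "permit")
DENY_TELNET = ("User_Tel_User3", "trust", {"ISP2"}, "10.1.1.1/32",
               ["172.16.1.1/32"], 23, "deny")  # telnet = TCP 23

# Subnet behind each zone, from steps 1 and 3
ZONES = {"trust": "10.1.1.0/24", "ISP1": "192.168.1.0/24", "ISP2": "172.16.1.0/24"}

def zone_of(addr):
    """Return the zone whose interface subnet contains addr, or None."""
    for zone, net in ZONES.items():
        if ip_address(addr) in ip_network(net):
            return zone
    return None

def evaluate(rules, src, dst, port):
    """First-match evaluation: return (action, name) of the first matching rule."""
    for name, szone, dzones, snet, dnets, svc_port, action in rules:
        if zone_of(src) != szone or zone_of(dst) not in dzones:
            continue
        if ip_address(src) not in ip_network(snet):
            continue
        if not any(ip_address(dst) in ip_network(n) for n in dnets):
            continue
        if svc_port is not None and svc_port != port:
            continue
        return action, name
    return "deny", "default"  # assumption: unmatched traffic hits a default deny

def move_before(rules, name, target):
    """List equivalent of 'rule move <name> before <target>'."""
    moved = next(r for r in rules if r[0] == name)
    rest = [r for r in rules if r[0] != name]
    i = next(i for i, r in enumerate(rest) if r[0] == target)
    return rest[:i] + [moved] + rest[i:]

as_configured = [PERMIT_ALL, DENY_TELNET]  # order in which the rules were created
after_move = move_before(as_configured, "User_Tel_User3", "User1_ISP_1_2")

if __name__ == "__main__":
    for label, rules in (("as configured", as_configured), ("after rule move", after_move)):
        print(label, "-> telnet 10.1.1.1 to 172.16.1.1:",
              evaluate(rules, "10.1.1.1", "172.16.1.1", 23))
```

In the order the rules were created, the telnet session matches the broad permit first and the deny rule is never reached; after the move it is denied while other traffic from User1 is still permitted.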
————————————————
https://blog.csdn.net/sgslwms/article/details/121925353?utm_medium=distribute.pc_aggpage_search_result.none-task-blog-2~aggregatepage~first_rank_ecpm_v1~rank_v31_ecpm-1-121925353.pc_agg_new_rank&utm_term=ensp+usg6000%E9%85%8D%E7%BD%AE%E5%AE%9E%E9%AA%8C&spm=1000.2123.3001.4430