Telnet security firewall

Posted by 柳ioi on 2022/07/10 23:25:20

1: Configure IP addresses


<Huawei>sys

[Huawei]sys User1

[User1]un in en

[User1]int g0/0/0

[User1-GigabitEthernet0/0/0]ip add 10.1.1.1 24


<Huawei>sys

[Huawei]sys User2

[User2]un in en

[User2]int g0/0/0

[User2-GigabitEthernet0/0/0]ip add 192.168.1.1 24


<Huawei>sys

[Huawei]sys User3

[User3]un in en

[User3]int g0/0/0

[User3-GigabitEthernet0/0/0]ip add 172.16.1.1 24


<USG6000V1>sys

[USG6000V1]sys FW1

[FW1]un in en

[FW1]int g1/0/1

[FW1-GigabitEthernet1/0/1]ip add 10.1.1.254 24

[FW1-GigabitEthernet1/0/1]int g1/0/2

[FW1-GigabitEthernet1/0/2]ip add 192.168.1.254 24

[FW1-GigabitEthernet1/0/2]int g1/0/3

[FW1-GigabitEthernet1/0/3]ip add 172.16.1.254 24


2: Configure default routes


[User1]ip route-static 0.0.0.0 0 10.1.1.254


[User2]ip route-static 0.0.0.0 0 192.168.1.254


[User3]ip route-static 0.0.0.0 0 172.16.1.254


2.5: Configure telnet


[User3]user-interface vty 0 4 // This exercise configures a simple telnet setup; for other configurations, see the earlier blog posts

[User3-ui-vty0-4]authentication-mode password

[User3-ui-vty0-4]set authentication password cipher 123456

[User3-ui-vty0-4]user privilege level 3


3: Add the firewall interfaces to zones


[FW1]firewall zone trust

[FW1-zone-trust]add interface g1/0/1

[FW1-zone-trust]q

[FW1]firewall zone name ISP1

[FW1-zone-ISP1]set priority 40

[FW1-zone-ISP1]add interface g1/0/2

[FW1-zone-ISP1]q

[FW1]firewall zone name ISP2

[FW1-zone-ISP2]set priority 45

[FW1-zone-ISP2]add interface g1/0/3

[FW1-zone-ISP2]q


4: Configure policies


[FW1]security-policy // Policy 1 allows User1 to access the other two network segments

[FW1-policy-security]rule name User1_ISP_1_2

[FW1-policy-security-rule-User1_ISP_1_2]source-zone trust

[FW1-policy-security-rule-User1_ISP_1_2]destination-zone ISP1 ISP2

[FW1-policy-security-rule-User1_ISP_1_2]source-address 10.1.1.1 32

[FW1-policy-security-rule-User1_ISP_1_2]destination-address 192.168.1.0 24

[FW1-policy-security-rule-User1_ISP_1_2]destination-address 172.16.1.0 24

[FW1-policy-security-rule-User1_ISP_1_2]action permit

[FW1-policy-security-rule-User1_ISP_1_2]q


[FW1-policy-security]rule name User_Tel_User3 // Policy 2 denies telnet from User1 to User3

[FW1-policy-security-rule-User_Tel_User3]source-zone trust

[FW1-policy-security-rule-User_Tel_User3]destination-zone ISP2

[FW1-policy-security-rule-User_Tel_User3]source-address 10.1.1.1 32

[FW1-policy-security-rule-User_Tel_User3]destination-address 172.16.1.1 32

[FW1-policy-security-rule-User_Tel_User3]service telnet

[FW1-policy-security-rule-User_Tel_User3]action deny

[FW1-policy-security-rule-User_Tel_User3]q


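###### Policies are evaluated from top to bottom, and policy 2 was configured after policy 1, so policy 1's permit would match User1's telnet traffic first and the deny would never take effect.


###### We therefore need to move policy 2 before policy 1, using the following command: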


[FW1-policy-security]rule move User_Tel_User3 before User1_ISP_1_2
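
The ordering problem above can be checked mechanically. The following Python sketch is an added example, not part of the original post and not Huawei tooling: it models the page's two rules with a simplified first-match evaluator and reports which rules are shadowed before and after the `rule move`. The tuple layout, the probe packets, the "icmp" service name and the default-deny fallback are assumptions of this model.

```python
from ipaddress import ip_network

ANY = None  # constructed convention: None means "any service"

# The two rules from this page: (name, src_zone, dst_zones, src, dsts, service, action)
USER1_ISP = ("User1_ISP_1_2", "trust", {"ISP1", "ISP2"}, "10.1.1.1/32",
             ["192.168.1.0/24", "172.16.1.0/24"], ANY, "permit")
TEL_USER3 = ("User_Tel_User3", "trust", {"ISP2"}, "10.1.1.1/32",
             ["172.16.1.1/32"], "telnet", "deny")

def covers(outer, inner):
    """True if every packet matching `inner` also matches `outer`."""
    _, oz, odz, osrc, odsts, osvc, _ = outer
    _, iz, idz, isrc, idsts, isvc, _ = inner
    return (oz == iz and idz <= odz
            and ip_network(isrc).subnet_of(ip_network(osrc))
            and all(any(ip_network(d).subnet_of(ip_network(o)) for o in odsts)
                    for d in idsts)
            and (osvc is ANY or osvc == isvc))

def shadowed(rules):
    """Names of rules that can never match because an earlier rule covers them."""
    return [r[0] for i, r in enumerate(rules)
            if any(covers(e, r) for e in rules[:i])]

def first_match(rules, probe):
    """Action of the first rule covering `probe` (default deny assumed in this model)."""
    return next((r[6] for r in rules if covers(r, probe)), "deny")

# Constructed probes: User1 -> User3 over telnet, and over a non-telnet service.
TELNET_PROBE = ("probe", "trust", {"ISP2"}, "10.1.1.1/32", ["172.16.1.1/32"], "telnet", None)
ICMP_PROBE = ("probe", "trust", {"ISP2"}, "10.1.1.1/32", ["172.16.1.1/32"], "icmp", None)

as_configured = [USER1_ISP, TEL_USER3]   # order in which the rules were entered
after_move = [TEL_USER3, USER1_ISP]      # order after "rule move ... before ..."

if __name__ == "__main__":
    for label, rules in (("as configured", as_configured), ("after move", after_move)):
        print(label, "| telnet:", first_match(rules, TELNET_PROBE),
              "| icmp:", first_match(rules, ICMP_PROBE),
              "| shadowed:", shadowed(rules))
```

In the order the rules were entered, the deny rule is reported as shadowed and telnet is permitted; after the move, telnet is denied while other traffic from User1 to User3 is still permitted.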

————————————————

https://blog.csdn.net/sgslwms/article/details/121925353?utm_medium=distribute.pc_aggpage_search_result.none-task-blog-2~aggregatepage~first_rank_ecpm_v1~rank_v31_ecpm-1-121925353.pc_agg_new_rank&utm_term=ensp+usg6000%E9%85%8D%E7%BD%AE%E5%AE%9E%E9%AA%8C&spm=1000.2123.3001.4430
