hc防火墙配置实例.docx

集团企业公司编码：（LL3698-KKI1269-TM2483-LUI12689-ITT289-DQS58-MG198） 集团企业公司编码：（LL3698-KKI1269-TM2483-LUI12689-ITT289-DQS58-MG198） HC防火墙配置实例 本文为大家介绍一个H3C防火墙的配置实例，配置内容包括：配置接口IP地址、配置区域、配置NAT地址转换、配置访问策略等，组网拓扑及需求如下。 1、网络拓扑图 2、配置要求 3、防火墙的配置脚本如下 H3CF100Adiscur # sysnameH3CF100A # superpasswordlevel3cipher6aQQ57-$.I)0;4:\(I41!!! # firewallpacket-filterenable firewallpacket-filterdefaultpermit # insulate # natstaticinsideipglobalip natstaticinsideipglobalip # firewallstatisticsystemenable # radiusschemesystem server-typeextended # domainsystem # local-usernet1980 passwordcipher###### service-typetelnet level2 # aspf-policy1 detecth323 detectsqlnet detectrtsp detecthttp detectsmtp detectftp detecttcp detectudp # objectaddress objectaddress # aclnumber3001 descriptionout-inside rule1permittcpsource0destination0destination-porteq1433 rule2permittcpsource0destination0destination-porteqwww rule1000denyip aclnumber3002 descriptioninside-to-outside rule1permitipsource0 rule2permitipsource0 rule1000denyip # interfaceAux0 asyncmodeflow # interfaceEthernet0/0 shutdown # interfaceEthernet0/1 shutdown # interfaceEthernet0/2 speed100 duplexfull descriptiontoserver ipaddress firewallpacket-filter3002inbound firewallaspf1outbound # interfaceEthernet0/3 shutdown # interfaceEthernet1/0 shutdown # interfaceEthernet1/1 shutdown # interfaceEthernet1/2 speed100 duplexfull descriptiontointernet ipaddress firewallpacket-filter3001inbound firewallaspf1outbound natoutboundstatic # interfaceNULL0 # firewallzonelocal setpriority100 # firewallzonetrust addinterfaceEthernet0/2 setpriority85 # firewallzoneuntrust addinterfaceEthernet1/2 setpriority5 # firewallzoneDMZ addinterfaceEthernet0/3 setpriority50 # firewallinterzonelocaltrust # firewallinterzonelocaluntrust # firewallinterzonelocalDMZ # firewallinterzonetrustuntrust # firewallinterzonetrustDMZ # firewallinterzoneDMZuntrust # iproute-staticpreference60 # user-interfacecon0 user-interfaceaux0 user-int