Huawei F100 firewall transparent mode configuration method

Below is a typical transparent-mode configuration example for the Huawei F100. Other improvements you can add yourselves, but note that once transparent mode is used, the F100 can no longer be made into a VPN server.

#
sysname secpath100
#
super password level 3 cipher N`C55QK<`=/Q=^Q`MAF4<1!!
#
dvpn service enable
#
firewall packet-filter enable
firewall packet-filter default permit
#
insulate
#
firewall mode transparent
firewall system-ip 10.93.48.14 255.255.255.0
#
firewall statistic system enable
#
radius scheme system
#
domain system
#
local-user admin
password cipher .]@USE=B,53Q=^Q`MAF4<1!!
service-type telnet
level 3
local-user root
password cipher %J!H+=68B8/Q=^Q`MAF4<1!!
service-type telnet
level 3
#
acl number 3001
description bingduliebiao
rule 0 deny tcp source-port eq 3127
rule 1 deny tcp source-port eq 1025
rule 2 deny tcp source-port eq 5554
rule 3 deny tcp source-port eq 9996
rule 4 deny tcp source-port eq 1068
rule 5 deny tcp source-port eq 135
rule 6 deny udp source-port eq 135
rule 8 deny udp source-port eq netbios-ns
rule 9 deny tcp source-port eq 138
rule 10 deny udp source-port eq netbios-dgm
rule 11 deny tcp source-port eq 139
rule 13 deny tcp source-port eq 593
rule 14 deny tcp source-port eq 4444
rule 15 deny tcp source-port eq 5800
rule 16 deny tcp source-port eq 5900
rule 19 deny tcp source-port eq 445
rule 20 deny udp source-port eq 445
rule 30 deny tcp destination-port eq 3127
rule 32 deny tcp destination-port eq 5554
rule 33 deny tcp destination-port eq 9996
rule 34 deny tcp destination-port eq 1068
rule 35 deny tcp destination-port eq 135
rule 36 deny udp destination-port eq 135
rule 37 deny tcp destination-port eq 137
rule 38 deny udp destination-port eq netbios-ns
rule 39 deny tcp destination-port eq 138
rule 40 deny udp destination-port eq netbios-dgm
rule 41 deny tcp destination-port eq 139
rule 43 deny tcp destination-port eq 593
rule 44 deny tcp destination-port eq 4444
rule 45 deny tcp destination-port eq 5800
rule 46 deny tcp destination-port eq 5900
rule 48 deny tcp destination-port eq 8998
rule 49 deny tcp destination-port eq 445
rule 51 deny udp destination-port eq 1434
#
interface Aux0
async mode flow
#
interface Ethernet0/0
promiscuous
#
interface Ethernet0/1
promiscuous
#
interface Ethernet0/2
promiscuous
#
interface Ethernet0/3
promiscuous
#
interface Ethernet1/0
promiscuous
#
interface Ethernet1/1
promiscuous
#
interface Ethernet1/2
promiscuous
#
interface NULL0
#
interface LoopBack0
ip address 10.93.48.14 255.255.255.0
#
firewall zone local
set priority 100
#
firewall zone trust
add interface Ethernet0/0
add interface Ethernet0/3
set priority 85
#
firewall zone untrust
add interface Ethernet1/0
set priority 5
#
firewall zone DMZ
set priority 50
#
firewall interzone local trust
#
firewall interzone local untrust
#
firewall interzone local DMZ
#
firewall interzone trust untrust
firewall packet-filter 3001 inbound
firewall packet-filter 3001 outbound
#
firewall interzone trust DMZ
#
firewall interzone DMZ untrust
#
snmp-agent
snmp-agent local-engineid 000007DB0A5D300E000035E1
snmp-agent community read public
snmp-agent community write private
snmp-agent sys-info version v3
snmp-agent group v3 group1 privacy write-view ViewDefault notify-view ViewDefault
snmp-agent usm-user v3 SecPath group1 authentication-mode md5 70ATCM'KA]0(+:.5K79(1Q!! privacy-mode des56 70ATCM'KA]0(+:.5K79(1Q!!
#
firewall defend land
firewall defend smurf
firewall defend fraggle
firewall defend winnuke
firewall defend icmp-redirect
firewall defend icmp-unreachable
firewall defend source-route
firewall defend route-record
firewall defend tracert
firewall defend ping-of-death
firewall defend tcp-flag
firewall defend ip-fragment
firewall defend large-icmp
firewall defend teardrop
firewall defend ip-sweep
firewall defend port-scan
firewall defend arp-spoofing
firewall defend arp-flood
firewall defend frag-flood
firewall defend syn-flood enable
firewall defend udp-flood enable
firewall defend icmp-flood enable
#
user-interface con 0
authentication-mode password
set authentication password cipher N`C55QK<`=/Q=^Q`MAF4<1!!
user-interface aux 0
set authentication password cipher N`C55QK<`=/Q=^Q`MAF4<1!!
user-interface vty 0 4
set authentication password cipher N`C55QK<`=/Q=^Q`MAF4<1!!
#
return
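As an added defender-side example (not part of the original post and not Huawei's own tooling), the script below parses the ACL rules out of a Comware-style configuration dump like the one above and flags the settings an auditor would want to review first: the `firewall packet-filter default permit` policy, default SNMP community strings, and an SNMPv3 user configured with MD5/DES56. The configuration embedded in the script is a constructed excerpt modelled on the posted one, and the rule pattern covers only the `eq`-port rule form that the posted ACL uses.

```python
import re
from typing import Dict, List

# Constructed excerpt of a Comware-style firewall config. It mirrors the line
# forms in the posted F100 configuration; the values are sample input only.
SAMPLE_CONFIG = """\
#
firewall packet-filter enable
firewall packet-filter default permit
#
firewall mode transparent
#
acl number 3001
description bingduliebiao
rule 0 deny tcp source-port eq 3127
rule 5 deny tcp source-port eq 135
rule 8 deny udp source-port eq netbios-ns
rule 35 deny tcp destination-port eq 135
rule 49 deny tcp destination-port eq 445
#
firewall interzone trust untrust
firewall packet-filter 3001 inbound
firewall packet-filter 3001 outbound
#
snmp-agent community read public
snmp-agent community write private
snmp-agent usm-user v3 SecPath group1 authentication-mode md5 PLACEHOLDER privacy-mode des56 PLACEHOLDER
#
return
"""

# Only the "rule N deny|permit tcp|udp source-port|destination-port eq PORT"
# form is handled, because that is the only form the posted ACL uses.
RULE_RE = re.compile(
    r"^rule\s+(\d+)\s+(permit|deny)\s+(tcp|udp)\s+"
    r"(source-port|destination-port)\s+eq\s+(\S+)$"
)


def parse_acl_rules(config: str) -> Dict[str, List[dict]]:
    """Return {acl_number: [rule, ...]} for every 'acl number N' block.

    A block ends at the next '#' separator line, as in Comware dumps.
    """
    acls: Dict[str, List[dict]] = {}
    current = None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"^acl number (\d+)$", line)
        if m:
            current = m.group(1)
            acls[current] = []
            continue
        if line == "#":          # section separator: leave the ACL block
            current = None
            continue
        if current is None:
            continue
        m = RULE_RE.match(line)
        if m:
            acls[current].append({
                "id": int(m.group(1)),
                "action": m.group(2),
                "proto": m.group(3),
                "direction": m.group(4),
                "port": m.group(5),
            })
    return acls


def applied_acls(config: str) -> Dict[str, List[str]]:
    """Return {'zoneA zoneB': ['3001 inbound', ...]} for interzone filters."""
    result: Dict[str, List[str]] = {}
    zone = None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"^firewall interzone (\S+) (\S+)$", line)
        if m:
            zone = f"{m.group(1)} {m.group(2)}"
            result[zone] = []
            continue
        if line == "#":
            zone = None
            continue
        m = re.match(r"^firewall packet-filter (\d+) (inbound|outbound)$", line)
        if zone and m:
            result[zone].append(f"{m.group(1)} {m.group(2)}")
    return result


def audit_config(config: str) -> List[str]:
    """Return finding tags for settings a reviewer should look at."""
    findings: List[str] = []
    lines = [l.strip() for l in config.splitlines()]
    if "firewall packet-filter default permit" in lines:
        # Everything not explicitly denied by an ACL is allowed through.
        findings.append("default-permit")
    for l in lines:
        m = re.match(r"^snmp-agent community (read|write) (\S+)$", l)
        if m and m.group(2).lower() in ("public", "private"):
            findings.append(f"snmp-{m.group(1)}-community-default")
        if l.startswith("snmp-agent usm-user v3") and (" md5 " in l or " des56 " in l):
            findings.append("snmp-v3-weak-crypto")
    return findings


if __name__ == "__main__":
    for acl, rules in parse_acl_rules(SAMPLE_CONFIG).items():
        print(f"acl {acl}: {len(rules)} port rules")
    print("applied:", applied_acls(SAMPLE_CONFIG))
    print("findings:", audit_config(SAMPLE_CONFIG))
```

Run against a real `display current-configuration` dump, the finding tags give a quick checklist for hardening: replace the default-permit policy with explicit permits, change the `public`/`private` communities or disable SNMPv1/v2c, and move the v3 user to stronger authentication and privacy algorithms where the firmware supports them.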

:)

OP, judging from your configuration, I feel your understanding of transparent mode isn't very deep yet!
The network is boundless; home is always in my thoughts!

Transparent... what does "transparent" even mean? Sigh, and you still want to do VPN on it?

Oh! I just understood it as a single wire: open all the doors, then close the ones that aren't needed!

:lol:

Quote:
Original post by 321victor on 2007-6-5 10:48
OP, judging from your configuration, I feel your understanding of transparent mode isn't very deep yet!
Then would you please explain it?
Recently I ran into a problem on a SecPath F100A... this firewall doesn't seem to have a transparent mode; it doesn't even have the firewall mode command..
I've been using it as a bridge.. but apart from URL filtering, which works, other things like email address filtering and firewall session information (there is no information in the web interface) have no effect..
Is this some kind of problem??

Ran into content-filtering difficulties using the F100M

Learned something, thanks

Read it, and still......

Still learning, my head is spinning