H3C SecPath F100-C 防火墙默认配置
版权声明:原创作品,允许转载,转载时请务必以超链接形式标明文章 原始出处 、作者信息和本声明。否则将追究法律责任。http://junfs.blog.51cto.com/209036/47928 |
H3C SecPath F100-C 防火墙默认配置XX市一船物公司的H3C F100-C防火墙默认配置,只要求能接入Internet。组网环境,一台H3C F100-C防火墙、一台48口杂牌子的傻瓜交换机、PC直接连入48口交换机。 F100-C WAN口接ADSL Modem ,LAN口接交换机。 H3C F100-C的配置信息: [H3C]display current-configuration # sysname H3C # firewall packet-filter enable firewall packet-filter default permit # connection-limit disable connection-limit default deny connection-limit default amount upper-limit 50 lower-limit 20 # dialer-rule 1 ip permit # firewall statistic system enable # radius scheme system # domain system # local-user admin password simple 123456aA service-type telnet terminal level 3 service-type ftp # acl number 2000 rule 0 permit source 192.168.0.0 0.0.0.255 # interface Dialer1 link-protocol ppp ppp pap local-user xx********@163 password simple 123456 tcp mss 1024 ip address ppp-negotiate dialer user adsl dialer-group 1 dialer bundle 1 nat outbound 2000 # interface Ethernet1/0 tcp mss 1024 ip address 192.168.0.1 255.255.255.0 # interface Ethernet2/0 speed 10 duplex full pppoe-client dial-bundle-number 1 tcp mss 1024 ip address dhcp-alloc # interface NULL0 # firewall zone local set priority 100 # firewall zone trust set priority 85 # firewall zone untrust add interface Ethernet2/0 add interface Dialer1 set priority 5 # firewall zone DMZ set priority 50 # firewall interzone local trust # firewall interzone local untrust # firewall interzone local DMZ # firewall interzone trust untrust # firewall interzone trust DMZ # firewall interzone DMZ untrust # FTP server enable # ip route-static 0.0.0.0 0.0.0.0 Dialer 1 preference 60 # user-interface con 0 user-interface vty 0 4 authentication-mode scheme # return (只做了个PPPoE的拨号,其他设置都是此防火墙默认设置) 本文出自 “极限空间” 博客,请务必保留此出处http://junfs.blog.51cto.com/209036/47928 本文出自 51CTO.COM技术博客 |
junfs
博客统计信息
热门文章
最新评论
友情链接
