
h3c secpath f100的配置和管理

更新时间:2022-08-12 17:29:54

[F100-A]dis current-configuration
下面是 H3C SecPath F100 系列防火墙的典型配置,希望对刚接触这款防火墙的朋友有所帮助。大家如有意见,可及时与我联系。
#
# System-wide settings from the `display current-configuration` output of F100-A.
 sysname F100-A
#
# The packet-filter firewall is switched off and its default action is permit.
# No interface in this listing binds a packet-filter ACL and the interzone
# sections are empty, so as shown forwarded traffic is not filtered by ACL;
# inbound reachability is decided by the `nat server` mappings on Ethernet1/0.
# NOTE(review): for a perimeter device, enable packet filtering with a default
# deny and explicit permits unless another policy layer is known to apply.
 undo firewall packet-filter enable
 firewall packet-filter default permit
#
# NOTE(review): `insulate` presumably controls isolation between the LAN ports
# on this platform; it is disabled here - confirm against the command reference.
 undo insulate
#
# Connection limiting is disabled, so the default action and the 50/20
# upper/lower thresholds below are presumably inactive - confirm.
 undo connection-limit enable
 connection-limit default deny
 connection-limit default amount upper-limit 50 lower-limit 20
#
# System-level traffic statistics are enabled.
 firewall statistic system enable
#
# RADIUS scheme `system` and ISP domain `system`; no RADIUS server address is
# configured in this listing.
radius scheme system
 server-type extended
#
domain system
#
# Local account whose only service type is Telnet, at level 3 (the highest
# Comware command level). The vty lines use `authentication-mode scheme`, so
# remote logins presumably authenticate against this account.
# NOTE(review): Telnet carries credentials in cleartext; prefer SSH where the
# software release supports it and keep management access on the trusted side.
# NOTE(review): the `password cipher` value is a stored secret. Cipher-form
# strings on older Comware releases are commonly reported to be reversibly
# encoded, so a value that has appeared in a shared listing should be replaced
# on the device, and such lines redacted before a configuration is published.
local-user egb--aq
 password cipher ]#R=WG;'I/ZGL^3L[[\1-A!!
 service-type telnet
 level 3
#
# ASPF policy 1 turns on inspection for HTTP, SMTP, FTP and generic TCP/UDP.
# NOTE(review): no interface or interzone section in this listing references
# the policy, so as shown it appears to be defined but not applied - confirm.
aspf-policy 1
 detect http
 detect smtp
 detect ftp
 detect tcp
 detect udp
#
# Basic ACL 2000: permits sources in 192.168.0.0/24 (wildcard 0.0.0.255) and
# denies everything else. It is referenced by `nat outbound 2000` on
# Ethernet1/0, i.e. it selects which inside hosts are source-translated.
acl number 2000
 rule 0 permit source 192.168.0.0 0.0.0.255
 rule 1 deny
#
# Virtual-Template1 carries no configuration in this listing.
interface Virtual-Template1
#
# Auxiliary port in flow mode.
interface Aux0
 async mode flow
#
# Inside (LAN) interface, 192.168.0.1/24; it is the only member of the trust
# zone and the subnet that ACL 2000 and every `nat server` inside address use.
interface Ethernet0/0
 ip address 192.168.0.1 255.255.255.0
#
# Outside (WAN) interface: primary address 121.81.231.130/27 plus sub
# addresses .131-.139; a member of the untrust zone.
# `nat outbound 2000` source-translates traffic matched by ACL 2000
# (192.168.0.0/24); no address group is named, so presumably the interface
# address is used - confirm.
# Each `nat server` line publishes one inside host and port on a global
# address. Packet filtering is disabled in this configuration and no interzone
# policy is shown, so every mapping below appears to be open to any source on
# the untrust side.
# NOTE(review): several mappings publish ports that conventionally carry
# administration or database traffic rather than public services: 1433 (the
# default Microsoft SQL Server port), 5631 (the usual pcAnywhere data port),
# 43958 (the usual Serv-U local administration port), and FTP, which sends
# credentials in cleartext. The high ports 58169/58189/58269 cannot be
# identified from this listing - confirm what listens there. Where such access
# is still required, limit it to known source addresses with an ACL or place it
# behind a VPN rather than using an unrestricted mapping, and remove mappings
# that are no longer in use.
# NOTE(review): global addresses .140 and .141 are used by two `www` mappings
# but are not configured as addresses on this interface - verify they are
# actually delivered to this device.
interface Ethernet1/0
 ip address 121.81.231.130 255.255.255.224
 ip address 121.81.231.132 255.255.255.224 sub
 ip address 121.81.231.133 255.255.255.224 sub
 ip address 121.81.231.134 255.255.255.224 sub
 ip address 121.81.231.135 255.255.255.224 sub
 ip address 121.81.231.136 255.255.255.224 sub
 ip address 121.81.231.137 255.255.255.224 sub
 ip address 121.81.231.138 255.255.255.224 sub
 ip address 121.81.231.139 255.255.255.224 sub
 ip address 121.81.231.131 255.255.255.224 sub
 nat outbound 2000
 nat server protocol tcp global 121.81.231.136 3000 inside 192.168.0.6 3000
 nat server protocol tcp global 121.81.231.136 6000 inside 192.168.0.6 6000
 nat server protocol tcp global 121.81.231.132 ftp inside 192.168.0.3 ftp
 nat server protocol tcp global 121.81.231.132 5631 inside 192.168.0.3 5631
 nat server protocol tcp global 121.81.231.132 43958 inside 192.168.0.3 43958
 nat server protocol tcp global 121.81.231.134 ftp inside 192.168.0.4 ftp
 nat server protocol tcp global 121.81.231.134 www inside 192.168.0.4 www
 nat server protocol tcp global 121.81.231.134 5631 inside 192.168.0.4 5631
 nat server protocol tcp global 121.81.231.134 43958 inside 192.168.0.4 43958
 nat server protocol tcp global 121.81.231.135 ftp inside 192.168.0.5 ftp
 nat server protocol tcp global 121.81.231.135 58169 inside 192.168.0.5 58169
 nat server protocol tcp global 121.81.231.135 www inside 192.168.0.5 www
 nat server protocol tcp global 121.81.231.135 43958 inside 192.168.0.5 43958
 nat server protocol tcp global 121.81.231.136 ftp inside 192.168.0.6 ftp
 nat server protocol tcp global 121.81.231.136 smtp inside 192.168.0.6 smtp
 nat server protocol tcp global 121.81.231.136 www inside 192.168.0.6 www
 nat server protocol tcp global 121.81.231.136 81 inside 192.168.0.6 81
 nat server protocol tcp global 121.81.231.136 82 inside 192.168.0.6 82
 nat server protocol tcp global 121.81.231.136 83 inside 192.168.0.6 83
 nat server protocol tcp global 121.81.231.136 84 inside 192.168.0.6 84
 nat server protocol tcp global 121.81.231.136 pop3 inside 192.168.0.6 pop3
 nat server protocol tcp global 121.81.231.136 1433 inside 192.168.0.6 1433
 nat server protocol tcp global 121.81.231.136 5150 inside 192.168.0.6 5150
 nat server protocol tcp global 121.81.231.136 5631 inside 192.168.0.6 5631
 nat server protocol tcp global 121.81.231.136 58169 inside 192.168.0.6 58169
 nat server protocol tcp global 121.81.231.136 8080 inside 192.168.0.6 8080
 nat server protocol tcp global 121.81.231.136 43958 inside 192.168.0.6 43958
 nat server protocol tcp global 121.81.231.138 smtp inside 192.168.0.8 smtp
 nat server protocol tcp global 121.81.231.138 www inside 192.168.0.8 www
 nat server protocol tcp global 121.81.231.138 pop3 inside 192.168.0.8 pop3
 nat server protocol tcp global 121.81.231.138 5631 inside 192.168.0.8 5631
 nat server protocol tcp global 121.81.231.138 58169 inside 192.168.0.8 58169
 nat server protocol tcp global 121.81.231.137 ftp inside 192.168.0.9 ftp
 nat server protocol tcp global 121.81.231.137 www inside 192.168.0.9 www
 nat server protocol tcp global 121.81.231.132 www inside 192.168.0.3 www
 nat server protocol tcp global 121.81.231.137 81 inside 192.168.0.9 81
 nat server protocol tcp global 121.81.231.137 82 inside 192.168.0.9 82
 nat server protocol tcp global 121.81.231.137 83 inside 192.168.0.9 83
 nat server protocol tcp global 121.81.231.137 1433 inside 192.168.0.9 1433
 nat server protocol tcp global 121.81.231.137 5631 inside 192.168.0.9 5631
 nat server protocol tcp global 121.81.231.137 43958 inside 192.168.0.9 43958
 nat server protocol tcp global 121.81.231.137 58169 inside 192.168.0.9 58169
 nat server protocol tcp global 121.81.231.136 88 inside 192.168.0.6 88
 nat server protocol tcp global 121.81.231.137 84 inside 192.168.0.9 84
 nat server protocol tcp global 121.81.231.137 85 inside 192.168.0.9 85
 nat server protocol tcp global 121.81.231.137 86 inside 192.168.0.9 86
 nat server protocol tcp global 121.81.231.137 87 inside 192.168.0.9 87
 nat server protocol tcp global 121.81.231.137 88 inside 192.168.0.9 88
 nat server protocol tcp global 121.81.231.137 smtp inside 192.168.0.9 smtp
 nat server protocol tcp global 121.81.231.137 8080 inside 192.168.0.9 8080
 nat server protocol tcp global 121.81.231.137 5080 inside 192.168.0.9 5080
 nat server protocol tcp global 121.81.231.137 1935 inside 192.168.0.9 1935
 nat server protocol udp global 121.81.231.137 5555 inside 192.168.0.9 5555
 nat server protocol tcp global 121.81.231.132 58169 inside 192.168.0.3 58169
 nat server protocol tcp global 121.81.231.134 58169 inside 192.168.0.4 58169
 nat server protocol tcp global 121.81.231.135 5631 inside 192.168.0.5 5631
 nat server protocol tcp global 121.81.231.136 6100 inside 192.168.0.6 6100
 nat server protocol tcp global 121.81.231.139 www inside 192.168.0.12 www
 nat server protocol tcp global 121.81.231.139 58169 inside 192.168.0.12 58169
 nat server protocol tcp global 121.81.231.139 58189 inside 192.168.0.12 58189
 nat server protocol tcp global 121.81.231.139 5631 inside 192.168.0.12 5631
 nat server protocol tcp global 121.81.231.137 89 inside 192.168.0.9 89
 nat server protocol tcp global 121.81.231.134 58269 inside 192.168.0.4 58269
 nat server protocol udp global 121.81.231.134 58269 inside 192.168.0.4 58269
 nat server protocol tcp global 121.81.231.133 www inside 192.168.0.13 www
 nat server protocol tcp global 121.81.231.135 1935 inside 192.168.0.5 1935
 nat server protocol tcp global 121.81.231.135 5080 inside 192.168.0.5 5080
 nat server protocol tcp global 121.81.231.132 1755 inside 192.168.0.3 1755
 nat server protocol tcp global 121.81.231.137 1755 inside 192.168.0.9 1755
 nat server protocol tcp global 121.81.231.137 554 inside 192.168.0.9 554
 nat server protocol tcp global 121.81.231.135 5551 inside 192.168.0.5 5551
 nat server protocol tcp global 121.81.231.131 www inside 192.168.0.204 www
 nat server protocol tcp global 121.81.231.134 81 inside 192.168.0.4 81
 nat server protocol tcp global 121.81.231.136 1935 inside 192.168.0.6 1935
 nat server protocol tcp global 121.81.231.140 www inside 192.168.0.10 www
 nat server protocol udp global 121.81.231.137 dns inside 192.168.0.9 dns
 nat server protocol tcp global 121.81.231.135 58189 inside 192.168.0.5 58189
 nat server protocol tcp global 121.81.231.141 www inside 192.168.0.11 www
#
# Ethernet1/1, Ethernet1/2 and NULL0 carry no configuration in this listing;
# the two Ethernet ports are nevertheless placed in the untrust zone below.
interface Ethernet1/1
#
interface Ethernet1/2
#
interface NULL0
#
# Security zones and their priorities: local 100, trust 85, DMZ 50, untrust 5.
firewall zone local
 set priority 100
#
# Trust zone: the LAN interface, with per-IP statistics in both directions.
firewall zone trust
 add interface Ethernet0/0
 set priority 85
 statistic enable ip inzone
 statistic enable ip outzone
#
# Untrust zone: all three Ethernet1/x ports, with per-IP statistics.
firewall zone untrust
 add interface Ethernet1/0
 add interface Ethernet1/1
 add interface Ethernet1/2
 set priority 5
 statistic enable ip inzone
 statistic enable ip outzone
#
# NOTE(review): the DMZ zone has no member interface. Every host published by
# `nat server` on Ethernet1/0 has a 192.168.0.x address, i.e. it sits on the
# trust-side subnet of Ethernet0/0. Moving internet-facing servers to a DMZ
# interface would separate them from any other hosts on the LAN.
firewall zone DMZ
 set priority 50
#
# All interzone sections are empty: no packet-filter ACL or ASPF policy is
# bound between any pair of zones in this listing.
firewall interzone local trust
#
firewall interzone local untrust
#
firewall interzone local DMZ
#
firewall interzone trust untrust
#
firewall interzone trust DMZ
#
firewall interzone DMZ untrust
#
# The information center (the device's log/trap/debug output subsystem) is
# disabled.
# NOTE(review): with it off, logins and attack-defence events are presumably
# not recorded or exported; enable it and send logs to a collector so that
# activity on this perimeter device can be reviewed.
 undo info-center enable
#
# The device's own FTP server is enabled.
# NOTE(review): FTP transfers credentials in cleartext; disable it when not in
# use and confirm it is not reachable from the untrust side.
 FTP server enable
#
# Default route via 121.81.231.129 with preference 1.
 ip route-static 0.0.0.0 0.0.0.0 121.81.231.129 preference 1
#
# Attack-defence features: one line per attack type that the firewall is told
# to detect (malformed-packet, scanning, ARP and flood categories).
# NOTE(review): this configuration also contains `undo info-center enable`, so
# detections made here are presumably not logged - confirm.
 firewall defend ip-spoofing
 firewall defend land
 firewall defend smurf
 firewall defend fraggle
 firewall defend winnuke
 firewall defend icmp-redirect
 firewall defend icmp-unreachable
 firewall defend source-route
 firewall defend route-record
 firewall defend tracert
 firewall defend ping-of-death
 firewall defend tcp-flag
 firewall defend ip-fragment
 firewall defend large-icmp
 firewall defend teardrop
 firewall defend ip-sweep
 firewall defend port-scan
 firewall defend arp-spoofing
 firewall defend arp-reverse-query
 firewall defend arp-flood
 firewall defend frag-flood
# Flood protection is enabled globally for SYN, UDP and ICMP floods, then bound
# per zone. Only SYN and UDP flood protection is bound (to trust and untrust).
# NOTE(review): no zone binding is shown for icmp-flood, so it may not protect
# any zone as configured - confirm.
 firewall defend syn-flood enable
 firewall defend udp-flood enable
 firewall defend icmp-flood enable
 firewall defend syn-flood zone trust
 firewall defend udp-flood zone trust
 firewall defend syn-flood zone untrust
 firewall defend udp-flood zone untrust
#
# Console line: password authentication with a stored cipher-form password.
# NOTE(review): treat the cipher string as a secret; once it has appeared in a
# shared listing, change the password on the device and redact the line.
user-interface con 0
 authentication-mode password
 set authentication password cipher XB-'KG=+=J^UJ;&DL'U46Q!!
# NOTE(review): no authentication mode is shown for aux 0 - confirm the default
# on this release.
user-interface aux 0
# Remote (vty) lines authenticate through the AAA scheme, i.e. the local-user
# account defined earlier in this configuration.
# NOTE(review): no source ACL or inbound-protocol restriction is shown on the
# vty lines; restrict them to management addresses and, where the release
# supports it, allow SSH only (`protocol inbound ssh`).
user-interface vty 0 4
 authentication-mode scheme
#
# End of the displayed configuration.
return

[F100-A]



本文转自 gehailong 51CTO博客,原文链接:http://blog.51cto.com/gehailong/267125,如需转载请自行联系原作者