H3C Firewall Configuration Example (Firewall Inter-Zone Policy Configuration Script)
2024-11-05 05:48:52  Author: 心裡念你  URL: https://m.xinb2b.cn/know/bzj471788.html

version 7.1.064, Release 9304P05

#

sysname UNIS

#

context Admin id 1

#

ip vpn-instance management

route-distinguisher 1000000000:1

vpn-target 1000000000:1 import-extcommunity

vpn-target 1000000000:1 export-extcommunity

#

telnet server enable

#

irf mac-address persistent timer

irf auto-update enable

undo irf link-delay

irf member 1 priority 1

#

security-zone intra-zone default permit

#

password-recovery enable

#

vlan 1

#

vlan 49 to 50

#

vlan 70

#

vlan 255

#

object-group ip address DNC服务器

0 network host address 10.100.80.10

#

object-group ip address DNC机床

description DNC机床

0 network subnet 10.100.50.0 255.255.255.0

#

object-group ip address test

#

object-group ip address 机加一分厂触摸屏控制台

0 network host address 10.100.50.193

#

object-group service 123

0 service icmp 0 0

#

object-group service DNC机床-服务器端口策略

0 service icmp 0 0

10 service tcp destination eq 21

20 service tcp destination range 600 1023

30 service udp destination eq 2049

40 service udp destination eq 111

50 service tcp destination eq 2049

60 service tcp destination eq 111

70 service tcp destination eq 19000

80 service udp destination range 8192 8193

90 service tcp destination range 8192 8193

100 service tcp destination eq 502

#

object-group service 机加一分厂触摸屏控制台-服务器

0 service icmp 0 0

10 service tcp destination eq 8889

20 service tcp destination eq 8000

30 service tcp destination eq 1521

#

interface NULL0

#

interface Vlan-interface255

ip address 10.100.255.40 255.255.255.0

#

interface GigabitEthernet1/0/0

port link-mode route

ip binding vpn-instance management

ip address 192.168.0.1 255.255.255.0

#

interface GigabitEthernet1/0/16

port link-mode route

#

interface GigabitEthernet1/0/17

port link-mode route

#

interface GigabitEthernet1/0/18

port link-mode route

#

interface GigabitEthernet1/0/19

port link-mode route

#

interface GigabitEthernet1/0/20

port link-mode route

#

interface GigabitEthernet1/0/21

port link-mode route

#

interface GigabitEthernet1/0/22

port link-mode route

#

interface GigabitEthernet1/0/23

port link-mode route

#

interface GigabitEthernet1/0/1

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/2

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/3

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/4

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/5

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/6

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/7

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/8

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/9

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/10

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/11

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/12

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/13

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/14

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/15

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

object-policy ip Any-Any

rule 0 pass logging counting

#

object-policy ip Trust-Untrust

rule 0 pass source-ip DNC机床 destination-ip DNC服务器 service DNC机床-服务器端口策略 logging counting

rule 1 pass source-ip 机加一分厂触摸屏控制台 destination-ip DNC服务器 service 机加一分厂触摸屏控制台-服务器 logging counting

#

security-zone name Local

#

security-zone name Trust

import interface GigabitEthernet1/0/8 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/9 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/10 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/11 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/12 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/13 vlan 1 49 to 50 70 80 255

import interface GigabitEthernet1/0/14 vlan 1 49 to 50 70 80 255

import interface GigabitEthernet1/0/15 vlan 1 49 to 50 70 80 255

#

security-zone name DMZ

#

security-zone name Untrust

import interface Vlan-interface255

import interface GigabitEthernet1/0/1 vlan 1 49 to 50 70 80 255

import interface GigabitEthernet1/0/2 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/3 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/4 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/5 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/6 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/7 vlan 1 50 70 80 255

#

security-zone name Management

import interface GigabitEthernet1/0/0

#

zone-pair security source Any destination Any

object-policy apply ip Any-Any

packet-filter 2000

#

zone-pair security source Trust destination Untrust

object-policy apply ip Trust-Untrust

#

scheduler logfile size 16

#

line class aux

user-role network-operator

#

line class console

user-role network-admin

#

line class vty

user-role network-operator

#

line aux 0

user-role network-admin

#

line con 0

authentication-mode scheme

user-role network-admin

#

line vty 0 4

user-role level-15

user-role network-admin

set authentication password hash $h$6$FXcqr ZUfkzh0xpf$FoUxGIL0XT92tC90K2jVEkPb

95M33o675GIBswGHmY1iFfkmEoA/5m37Bn8aOnghK8bXPJZRbEd6P9VLjopCdg==

protocol inbound telnet

#

line vty 5 63

authentication-mode scheme

user-role network-admin

#

ip route-static 0.0.0.0 0 10.100.255.254

#

info-center logbuffer size 1024

#

ssh server enable

#

acl basic 2000

rule 0 permit


#

domain system

#

aaa session-limit ftp 16

aaa session-limit telnet 16

aaa session-limit ssh 16

domain default enable system

#

role name level-0

description Predefined level-0 role

#

role name level-1

description Predefined level-1 role

#

role name level-2

description Predefined level-2 role

#

role name level-3

description Predefined level-3 role

#

role name level-4

description Predefined level-4 role

#

role name level-5

description Predefined level-5 role

#

role name level-6

description Predefined level-6 role

#

role name level-7

description Predefined level-7 role

#

role name level-8

description Predefined level-8 role

#

role name level-9

description Predefined level-9 role

#

role name level-10

description Predefined level-10 role

#

role name level-11

description Predefined level-11 role

#

role name level-12

description Predefined level-12 role

#

role name level-13

description Predefined level-13 role

#

role name level-14

description Predefined level-14 role

#

user-group system

#

local-user admin class manage

password hash $h$6$9R/xrcOboMeyKx5C$0bPaw7Q41dLHQp2X8AAdmTLTU8RGFVplQmWdU7VZG95

n 3Dh2SQlKUn nIIVZflQSgIhMWZzVFEqlXFMeecodQ==

service-type ssh terminal https

authorization-attribute user-role level-3

authorization-attribute user-role network-admin

authorization-attribute user-role network-operator

#

local-user h3c class manage

service-type https

authorization-attribute user-role level-3

authorization-attribute user-role network-admin

authorization-attribute user-role network-operator

#

local-user i class manage

authorization-attribute user-role network-operator

#

ip https enable

#

ips policy default

#

anti-virus policy default

#

return

