H3C Firewall Configuration Example (Firewall Inter-Zone Policy Configuration Script)
2024-11-22 03:27:45  Author: 心裡念你  URL: https://m.xinb2b.cn/life/bzj471788.html

version 7.1.064, Release 9304P05

#

sysname UNIS

#

context Admin id 1

#

ip vpn-instance management

route-distinguisher 1000000000:1

vpn-target 1000000000:1 import-extcommunity

vpn-target 1000000000:1 export-extcommunity

#

telnet server enable

#

irf mac-address persistent timer

irf auto-update enable

undo irf link-delay

irf member 1 priority 1

#

security-zone intra-zone default permit

#

password-recovery enable

#

vlan 1

#

vlan 49 to 50

#

vlan 70

#

vlan 255

#

object-group ip address DNC服务器

0 network host address 10.100.80.10

#

object-group ip address DNC机床

description DNC机床

0 network subnet 10.100.50.0 255.255.255.0

#

object-group ip address test

#

object-group ip address 机加一分厂触摸屏控制台

0 network host address 10.100.50.193

#

object-group service 123

0 service icmp 0 0

#

object-group service DNC机床-服务器端口策略

0 service icmp 0 0

10 service tcp destination eq 21

20 service tcp destination range 600 1023

30 service udp destination eq 2049

40 service udp destination eq 111

50 service tcp destination eq 2049

60 service tcp destination eq 111

70 service tcp destination eq 19000

80 service udp destination range 8192 8193

90 service tcp destination range 8192 8193

100 service tcp destination eq 502

#

object-group service 机加一分厂触摸屏控制台-服务器

0 service icmp 0 0

10 service tcp destination eq 8889

20 service tcp destination eq 8000

30 service tcp destination eq 1521

#

interface NULL0

#

interface Vlan-interface255

ip address 10.100.255.40 255.255.255.0

#

interface GigabitEthernet1/0/0

port link-mode route

ip binding vpn-instance management

ip address 192.168.0.1 255.255.255.0

#

interface GigabitEthernet1/0/16

port link-mode route

#

interface GigabitEthernet1/0/17

port link-mode route

#

interface GigabitEthernet1/0/18

port link-mode route

#

interface GigabitEthernet1/0/19

port link-mode route

#

interface GigabitEthernet1/0/20

port link-mode route

#

interface GigabitEthernet1/0/21

port link-mode route

#

interface GigabitEthernet1/0/22

port link-mode route

#

interface GigabitEthernet1/0/23

port link-mode route

#

interface GigabitEthernet1/0/1

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/2

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/3

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/4

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/5

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/6

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/7

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/8

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/9

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/10

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/11

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/12

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/13

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/14

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/15

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

object-policy ip Any-Any

rule 0 pass logging counting

#

object-policy ip Trust-Untrust

rule 0 pass source-ip DNC机床 destination-ip DNC服务器 service DNC机床-服务器端口策略 logging counting

rule 1 pass source-ip 机加一分厂触摸屏控制台 destination-ip DNC服务器 service 机加一分厂触摸屏控制台-服务器 logging counting

#

security-zone name Local

#

security-zone name Trust

import interface GigabitEthernet1/0/8 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/9 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/10 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/11 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/12 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/13 vlan 1 49 to 50 70 80 255

import interface GigabitEthernet1/0/14 vlan 1 49 to 50 70 80 255

import interface GigabitEthernet1/0/15 vlan 1 49 to 50 70 80 255

#

security-zone name DMZ

#

security-zone name Untrust

import interface Vlan-interface255

import interface GigabitEthernet1/0/1 vlan 1 49 to 50 70 80 255

import interface GigabitEthernet1/0/2 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/3 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/4 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/5 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/6 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/7 vlan 1 50 70 80 255

#

security-zone name Management

import interface GigabitEthernet1/0/0

#

zone-pair security source Any destination Any

object-policy apply ip Any-Any

packet-filter 2000

#

zone-pair security source Trust destination Untrust

object-policy apply ip Trust-Untrust

#

scheduler logfile size 16

#

line class aux

user-role network-operator

#

line class console

user-role network-admin

#

line class vty

user-role network-operator

#

line aux 0

user-role network-admin

#

line con 0

authentication-mode scheme

user-role network-admin

#

line vty 0 4

user-role level-15

user-role network-admin

set authentication password hash $h$6$FXcqr ZUfkzh0xpf$FoUxGIL0XT92tC90K2jVEkPb

95M33o675GIBswGHmY1iFfkmEoA/5m37Bn8aOnghK8bXPJZRbEd6P9VLjopCdg==

protocol inbound telnet

#

line vty 5 63

authentication-mode scheme

user-role network-admin

#

ip route-static 0.0.0.0 0 10.100.255.254

#

info-center logbuffer size 1024

#

ssh server enable

#

acl basic 2000

rule 0 permit


#

domain system

#

aaa session-limit ftp 16

aaa session-limit telnet 16

aaa session-limit ssh 16

domain default enable system

#

role name level-0

description Predefined level-0 role

#

role name level-1

description Predefined level-1 role

#

role name level-2

description Predefined level-2 role

#

role name level-3

description Predefined level-3 role

#

role name level-4

description Predefined level-4 role

#

role name level-5

description Predefined level-5 role

#

role name level-6

description Predefined level-6 role

#

role name level-7

description Predefined level-7 role

#

role name level-8

description Predefined level-8 role

#

role name level-9

description Predefined level-9 role

#

role name level-10

description Predefined level-10 role

#

role name level-11

description Predefined level-11 role

#

role name level-12

description Predefined level-12 role

#

role name level-13

description Predefined level-13 role

#

role name level-14

description Predefined level-14 role

#

user-group system

#

local-user admin class manage

password hash $h$6$9R/xrcOboMeyKx5C$0bPaw7Q41dLHQp2X8AAdmTLTU8RGFVplQmWdU7VZG95

n 3Dh2SQlKUn nIIVZflQSgIhMWZzVFEqlXFMeecodQ==

service-type ssh terminal https

authorization-attribute user-role level-3

authorization-attribute user-role network-admin

authorization-attribute user-role network-operator

#

local-user h3c class manage

service-type https

authorization-attribute user-role level-3

authorization-attribute user-role network-admin

authorization-attribute user-role network-operator

#

local-user i class manage

authorization-attribute user-role network-operator

#

ip https enable

#

ips policy default

#

anti-virus policy default

#

return
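
Added example (not part of the original page and not H3C tooling): a Python audit of the '#'-separated configuration format listed above. It reports which zone pairs apply an object-policy that contains a pass rule with no source-ip, destination-ip or service criteria, and where Telnet is enabled. SAMPLE is an excerpt of the listing; the function names are this example's own.

```python
import re
# Excerpt of the listing above (wrapped rule line joined, section bodies indented).
SAMPLE = """\
telnet server enable
#
object-policy ip Any-Any
 rule 0 pass logging counting
#
object-policy ip Trust-Untrust
 rule 0 pass source-ip DNC机床 destination-ip DNC服务器 service DNC机床-服务器端口策略
#
zone-pair security source Any destination Any
 object-policy apply ip Any-Any
#
zone-pair security source Trust destination Untrust
 object-policy apply ip Trust-Untrust
#
line vty 0 4
 protocol inbound telnet
#
"""
MATCH_KEYS = ("source-ip", "destination-ip", "service")

def sections(text):
    """Split the config on '#' separator lines into (header, body_lines) pairs."""
    for chunk in re.split(r"(?m)^#[ \t]*$", text):
        lines = [l.strip() for l in chunk.splitlines() if l.strip()]
        if lines:
            yield lines[0], lines[1:]

def audit(text):
    """List zone pairs using a match-all pass policy, and Telnet exposure."""
    secs, open_pol, findings = list(sections(text)), set(), []
    for head, body in secs:  # pass 1: policies holding a pass rule with no criteria
        if head.startswith("object-policy ip "):
            for rule in body:
                if "pass" in rule.split() and not any(k in rule.split() for k in MATCH_KEYS):
                    open_pol.add(head.split()[-1])
    for head, body in secs:  # pass 2: where they are applied, plus Telnet settings
        zp = re.match(r"zone-pair security source (\S+) destination (\S+)", head)
        applied = [l.split()[-1] for l in body if l.startswith("object-policy apply ip ")]
        if zp:
            findings += [f"{zp[1]}->{zp[2]}: match-all pass policy {p}"
                         for p in applied if p in open_pol]
        if head == "telnet server enable":
            findings.append("global: Telnet server enabled")
        if head.startswith("line vty") and "protocol inbound telnet" in body:
            findings.append(f"{head}: Telnet login allowed")
    return findings
```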

