H3C firewall configuration example (firewall inter-zone policy configuration script)
2024-11-22 03:22:47  Author: 心裡念你  URL: https://m.xinb2b.cn/sport/bzj471788.html

version 7.1.064, Release 9304P05

#

sysname UNIS

#

context Admin id 1

#

ip vpn-instance management

route-distinguisher 1000000000:1

vpn-target 1000000000:1 import-extcommunity

vpn-target 1000000000:1 export-extcommunity

#

telnet server enable

#

irf mac-address persistent timer

irf auto-update enable

undo irf link-delay

irf member 1 priority 1

#

security-zone intra-zone default permit

#

password-recovery enable

#

vlan 1

#

vlan 49 to 50

#

vlan 70

#

vlan 255

#

object-group ip address DNC服务器

0 network host address 10.100.80.10

#

object-group ip address DNC机床

description DNC机床

0 network subnet 10.100.50.0 255.255.255.0

#

object-group ip address test

#

object-group ip address 机加一分厂触摸屏控制台

0 network host address 10.100.50.193

#

object-group service 123

0 service icmp 0 0

#

object-group service DNC机床-服务器端口策略

0 service icmp 0 0

10 service tcp destination eq 21

20 service tcp destination range 600 1023

30 service udp destination eq 2049

40 service udp destination eq 111

50 service tcp destination eq 2049

60 service tcp destination eq 111

70 service tcp destination eq 19000

80 service udp destination range 8192 8193

90 service tcp destination range 8192 8193

100 service tcp destination eq 502

#

object-group service 机加一分厂触摸屏控制台-服务器

0 service icmp 0 0

10 service tcp destination eq 8889

20 service tcp destination eq 8000

30 service tcp destination eq 1521

#

interface NULL0

#

interface Vlan-interface255

ip address 10.100.255.40 255.255.255.0

#

interface GigabitEthernet1/0/0

port link-mode route

ip binding vpn-instance management

ip address 192.168.0.1 255.255.255.0

#

interface GigabitEthernet1/0/16

port link-mode route

#

interface GigabitEthernet1/0/17

port link-mode route

#

interface GigabitEthernet1/0/18

port link-mode route

#

interface GigabitEthernet1/0/19

port link-mode route

#

interface GigabitEthernet1/0/20

port link-mode route

#

interface GigabitEthernet1/0/21

port link-mode route

#

interface GigabitEthernet1/0/22

port link-mode route

#

interface GigabitEthernet1/0/23

port link-mode route

#

interface GigabitEthernet1/0/1

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/2

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/3

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/4

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/5

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/6

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/7

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/8

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/9

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/10

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/11

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/12

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/13

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/14

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/15

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

object-policy ip Any-Any

rule 0 pass logging counting

#

object-policy ip Trust-Untrust

rule 0 pass source-ip DNC机床 destination-ip DNC服务器 service DNC机床-服务器端口策略 logging counting

rule 1 pass source-ip 机加一分厂触摸屏控制台 destination-ip DNC服务器 service 机加一分厂触摸屏控制台-服务器 logging counting

#

security-zone name Local

#

security-zone name Trust

import interface GigabitEthernet1/0/8 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/9 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/10 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/11 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/12 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/13 vlan 1 49 to 50 70 80 255

import interface GigabitEthernet1/0/14 vlan 1 49 to 50 70 80 255

import interface GigabitEthernet1/0/15 vlan 1 49 to 50 70 80 255

#

security-zone name DMZ

#

security-zone name Untrust

import interface Vlan-interface255

import interface GigabitEthernet1/0/1 vlan 1 49 to 50 70 80 255

import interface GigabitEthernet1/0/2 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/3 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/4 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/5 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/6 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/7 vlan 1 50 70 80 255

#

security-zone name Management

import interface GigabitEthernet1/0/0

#

zone-pair security source Any destination Any

object-policy apply ip Any-Any

packet-filter 2000

#

zone-pair security source Trust destination Untrust

object-policy apply ip Trust-Untrust

#

scheduler logfile size 16

#

line class aux

user-role network-operator

#

line class console

user-role network-admin

#

line class vty

user-role network-operator

#

line aux 0

user-role network-admin

#

line con 0

authentication-mode scheme

user-role network-admin

#

line vty 0 4

user-role level-15

user-role network-admin

set authentication password hash $h$6$FXcqr ZUfkzh0xpf$FoUxGIL0XT92tC90K2jVEkPb

95M33o675GIBswGHmY1iFfkmEoA/5m37Bn8aOnghK8bXPJZRbEd6P9VLjopCdg==

protocol inbound telnet

#

line vty 5 63

authentication-mode scheme

user-role network-admin

#

ip route-static 0.0.0.0 0 10.100.255.254

#

info-center logbuffer size 1024

#

ssh server enable

#

acl basic 2000

rule 0 permit


#

domain system

#

aaa session-limit ftp 16

aaa session-limit telnet 16

aaa session-limit ssh 16

domain default enable system

#

role name level-0

description Predefined level-0 role

#

role name level-1

description Predefined level-1 role

#

role name level-2

description Predefined level-2 role

#

role name level-3

description Predefined level-3 role

#

role name level-4

description Predefined level-4 role

#

role name level-5

description Predefined level-5 role

#

role name level-6

description Predefined level-6 role

#

role name level-7

description Predefined level-7 role

#

role name level-8

description Predefined level-8 role

#

role name level-9

description Predefined level-9 role

#

role name level-10

description Predefined level-10 role

#

role name level-11

description Predefined level-11 role

#

role name level-12

description Predefined level-12 role

#

role name level-13

description Predefined level-13 role

#

role name level-14

description Predefined level-14 role

#

user-group system

#

local-user admin class manage

password hash $h$6$9R/xrcOboMeyKx5C$0bPaw7Q41dLHQp2X8AAdmTLTU8RGFVplQmWdU7VZG95

n 3Dh2SQlKUn nIIVZflQSgIhMWZzVFEqlXFMeecodQ==

service-type ssh terminal https

authorization-attribute user-role level-3

authorization-attribute user-role network-admin

authorization-attribute user-role network-operator

#

local-user h3c class manage

service-type https

authorization-attribute user-role level-3

authorization-attribute user-role network-admin

authorization-attribute user-role network-operator

#

local-user i class manage

authorization-attribute user-role network-operator

#

ip https enable

#

ips policy default

#

anti-virus policy default

#

return
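
An audit of the inter-zone policy in the configuration above, as an added example that is not part of the original page or of any H3C tooling. It flags zone pairs whose applied object policy or packet-filter ACL contains a pass/permit rule with no match criteria, plus Telnet management. It assumes that `#` lines separate sections and that a rule with no criteria matches all traffic; the function names and the sample excerpt are constructed for illustration.

```python
import re
# Constructed sample: excerpt of the configuration above (flat, as the page shows it).
SAMPLE = """\
telnet server enable
#
object-policy ip Any-Any
rule 0 pass logging counting
#
object-policy ip Trust-Untrust
rule 0 pass source-ip DNC机床 destination-ip DNC服务器 service DNC机床-服务器端口策略 logging counting
#
zone-pair security source Any destination Any
object-policy apply ip Any-Any
packet-filter 2000
#
zone-pair security source Trust destination Untrust
object-policy apply ip Trust-Untrust
#
line vty 0 4
protocol inbound telnet
#
acl basic 2000
rule 0 permit
"""
def sections(text):
    """Split a Comware config on '#' separator lines into (header, body) pairs."""
    for block in re.split(r"(?m)^#[ \t]*$", text):
        lines = [l.strip() for l in block.splitlines() if l.strip()]
        if lines: yield lines[0], lines[1:]

def audit(text):
    """Return findings for permit-all inter-zone policy and cleartext management."""
    secs = list(sections(text))
    # Policies/ACLs holding a pass or permit rule with no source, destination or service.
    open_pols = {h.split()[-1] for h, body in secs if h.startswith("object-policy ip ")
                 and any(re.fullmatch(r"rule \d+ pass( logging| counting)*", r) for r in body)}
    open_acls = {h.split()[-1] for h, body in secs if h.startswith("acl basic ")
                 and any(re.fullmatch(r"rule \d+ permit", r) for r in body)}
    permit_all = {"object-policy": open_pols, "packet-filter": open_acls}
    findings = []
    for h, body in secs:
        if "telnet server enable" in [h] + body:
            findings.append("telnet server enabled")
        elif h.startswith("line vty") and "protocol inbound telnet" in body:
            findings.append(f"{h}: telnet allowed inbound")
        elif h.startswith("zone-pair security"):
            findings += [f"{h}: '{c}' permits all traffic" for c in body
                         if c.split()[-1] in permit_all.get(c.split()[0], ())]
    return findings
```

Because blank lines and indentation are ignored, `audit()` can be run directly on the full text of the configuration as printed on this page.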

