H3C Firewall Configuration Example (Firewall Inter-Zone Policy Configuration Script)
2024-09-29 01:32:38  Author: 心裡念你  URL: https://m.xinb2b.cn/sport/bzj471788.html

version 7.1.064, Release 9304P05

#

sysname UNIS

#

context Admin id 1

#

ip vpn-instance management

route-distinguisher 1000000000:1

vpn-target 1000000000:1 import-extcommunity

vpn-target 1000000000:1 export-extcommunity

#

telnet server enable

#

irf mac-address persistent timer

irf auto-update enable

undo irf link-delay

irf member 1 priority 1

#

security-zone intra-zone default permit

#

password-recovery enable

#

vlan 1

#

vlan 49 to 50

#

vlan 70

#

vlan 255

#

object-group ip address DNC服务器

0 network host address 10.100.80.10

#

object-group ip address DNC机床

description DNC机床

0 network subnet 10.100.50.0 255.255.255.0

#

object-group ip address test

#

object-group ip address 机加一分厂触摸屏控制台

0 network host address 10.100.50.193

#

object-group service 123

0 service icmp 0 0

#

object-group service DNC机床-服务器端口策略

0 service icmp 0 0

10 service tcp destination eq 21

20 service tcp destination range 600 1023

30 service udp destination eq 2049

40 service udp destination eq 111

50 service tcp destination eq 2049

60 service tcp destination eq 111

70 service tcp destination eq 19000

80 service udp destination range 8192 8193

90 service tcp destination range 8192 8193

100 service tcp destination eq 502

#

object-group service 机加一分厂触摸屏控制台-服务器

0 service icmp 0 0

10 service tcp destination eq 8889

20 service tcp destination eq 8000

30 service tcp destination eq 1521

#

interface NULL0

#

interface Vlan-interface255

ip address 10.100.255.40 255.255.255.0

#

interface GigabitEthernet1/0/0

port link-mode route

ip binding vpn-instance management

ip address 192.168.0.1 255.255.255.0

#

interface GigabitEthernet1/0/16

port link-mode route

#

interface GigabitEthernet1/0/17

port link-mode route

#

interface GigabitEthernet1/0/18

port link-mode route

#

interface GigabitEthernet1/0/19

port link-mode route

#

interface GigabitEthernet1/0/20

port link-mode route

#

interface GigabitEthernet1/0/21

port link-mode route

#

interface GigabitEthernet1/0/22

port link-mode route

#

interface GigabitEthernet1/0/23

port link-mode route

#

interface GigabitEthernet1/0/1

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/2

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/3

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/4

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/5

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/6

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/7

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/8

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/9

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/10

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/11

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/12

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/13

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/14

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/15

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

object-policy ip Any-Any

rule 0 pass logging counting

#

object-policy ip Trust-Untrust

rule 0 pass source-ip DNC机床 destination-ip DNC服务器 service DNC机床-服务器端口策略 logging counting

rule 1 pass source-ip 机加一分厂触摸屏控制台 destination-ip DNC服务器 service 机加一分厂触摸屏控制台-服务器 logging counting

#

security-zone name Local

#

security-zone name Trust

import interface GigabitEthernet1/0/8 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/9 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/10 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/11 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/12 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/13 vlan 1 49 to 50 70 80 255

import interface GigabitEthernet1/0/14 vlan 1 49 to 50 70 80 255

import interface GigabitEthernet1/0/15 vlan 1 49 to 50 70 80 255

#

security-zone name DMZ

#

security-zone name Untrust

import interface Vlan-interface255

import interface GigabitEthernet1/0/1 vlan 1 49 to 50 70 80 255

import interface GigabitEthernet1/0/2 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/3 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/4 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/5 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/6 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/7 vlan 1 50 70 80 255

#

security-zone name Management

import interface GigabitEthernet1/0/0

#

zone-pair security source Any destination Any

object-policy apply ip Any-Any

packet-filter 2000

#

zone-pair security source Trust destination Untrust

object-policy apply ip Trust-Untrust

#

scheduler logfile size 16

#

line class aux

user-role network-operator

#

line class console

user-role network-admin

#

line class vty

user-role network-operator

#

line aux 0

user-role network-admin

#

line con 0

authentication-mode scheme

user-role network-admin

#

line vty 0 4

user-role level-15

user-role network-admin

set authentication password hash $h$6$FXcqr ZUfkzh0xpf$FoUxGIL0XT92tC90K2jVEkPb95M33o675GIBswGHmY1iFfkmEoA/5m37Bn8aOnghK8bXPJZRbEd6P9VLjopCdg==

protocol inbound telnet

#

line vty 5 63

authentication-mode scheme

user-role network-admin

#

ip route-static 0.0.0.0 0 10.100.255.254

#

info-center logbuffer size 1024

#

ssh server enable

#

acl basic 2000

rule 0 permit


#

domain system

#

aaa session-limit ftp 16

aaa session-limit telnet 16

aaa session-limit ssh 16

domain default enable system

#

role name level-0

description Predefined level-0 role

#

role name level-1

description Predefined level-1 role

#

role name level-2

description Predefined level-2 role

#

role name level-3

description Predefined level-3 role

#

role name level-4

description Predefined level-4 role

#

role name level-5

description Predefined level-5 role

#

role name level-6

description Predefined level-6 role

#

role name level-7

description Predefined level-7 role

#

role name level-8

description Predefined level-8 role

#

role name level-9

description Predefined level-9 role

#

role name level-10

description Predefined level-10 role

#

role name level-11

description Predefined level-11 role

#

role name level-12

description Predefined level-12 role

#

role name level-13

description Predefined level-13 role

#

role name level-14

description Predefined level-14 role

#

user-group system

#

local-user admin class manage

password hash $h$6$9R/xrcOboMeyKx5C$0bPaw7Q41dLHQp2X8AAdmTLTU8RGFVplQmWdU7VZG95n 3Dh2SQlKUn nIIVZflQSgIhMWZzVFEqlXFMeecodQ==

service-type ssh terminal https

authorization-attribute user-role level-3

authorization-attribute user-role network-admin

authorization-attribute user-role network-operator

#

local-user h3c class manage

service-type https

authorization-attribute user-role level-3

authorization-attribute user-role network-admin

authorization-attribute user-role network-operator

#

local-user i class manage

authorization-attribute user-role network-operator

#

ip https enable

#

ips policy default

#

anti-virus policy default

#

return
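
The configuration above applies the `Any-Any` object policy, whose only rule is a bare `pass`, to the Any-to-Any zone pair, and it accepts Telnet on the VTY lines. The audit sketch below is an added example, not part of the original page: it parses a constructed excerpt in the same `#`-delimited layout and reports those settings. The helper names `sections` and `audit` are hypothetical.

```python
import re

# Constructed sample (added example; helper names are illustrative), same layout as above.
SAMPLE = """\
telnet server enable
#
object-policy ip Any-Any
rule 0 pass logging counting
#
object-policy ip Trust-Untrust
rule 0 pass source-ip DNC机床 destination-ip DNC服务器 service DNC机床-服务器端口策略 logging counting
#
zone-pair security source Any destination Any
object-policy apply ip Any-Any
#
zone-pair security source Trust destination Untrust
object-policy apply ip Trust-Untrust
#
line vty 0 4
protocol inbound telnet
"""

def sections(text):
    """Yield (header, body_lines) for each '#'-delimited block; indentation is ignored."""
    for block in re.split(r"(?m)^[ \t]*#[ \t]*$", text):
        lines = [l.strip() for l in block.splitlines() if l.strip()]
        if lines:
            yield lines[0], lines[1:]

def audit(text):
    """Return (section header, finding) pairs for settings a reviewer should justify."""
    secs, findings = list(sections(text)), []
    # Names of object policies holding a pass rule with no source, destination or service.
    open_policies = {
        head.split()[-1] for head, body in secs if head.startswith("object-policy ip ")
        for rule in body if re.match(r"rule \d+ pass\b", rule)
        and not re.search(r"\b(source-ip|destination-ip|service)\b", rule)
    }
    for head, body in secs:
        if "telnet server enable" in [head, *body] or (
                head.startswith("line vty") and "protocol inbound telnet" in body):
            findings.append((head, "Telnet (cleartext) management access"))
        for line in body:
            m = re.fullmatch(r"object-policy apply ip (\S+)", line)
            if m and head.startswith("zone-pair ") and m.group(1) in open_policies:
                findings.append((head, f"applies unrestricted policy {m.group(1)}"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```
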

