H3C Firewall Configuration Example (Firewall Inter-Zone Policy Configuration Script)
2024-11-14 09:07:11  Author: 心裡念你  URL: https://m.xinb2b.cn/sport/bzj471788.html

version 7.1.064, Release 9304P05

#

sysname UNIS

#

context Admin id 1

#

ip vpn-instance management

route-distinguisher 1000000000:1

vpn-target 1000000000:1 import-extcommunity

vpn-target 1000000000:1 export-extcommunity

#

telnet server enable

#

irf mac-address persistent timer

irf auto-update enable

undo irf link-delay

irf member 1 priority 1

#

security-zone intra-zone default permit

#

password-recovery enable

#

vlan 1

#

vlan 49 to 50

#

vlan 70

#

vlan 255

#

object-group ip address DNC服务器

0 network host address 10.100.80.10

#

object-group ip address DNC机床

description DNC机床

0 network subnet 10.100.50.0 255.255.255.0

#

object-group ip address test

#

object-group ip address 机加一分厂触摸屏控制台

0 network host address 10.100.50.193

#

object-group service 123

0 service icmp 0 0

#

object-group service DNC机床-服务器端口策略

0 service icmp 0 0

10 service tcp destination eq 21

20 service tcp destination range 600 1023

30 service udp destination eq 2049

40 service udp destination eq 111

50 service tcp destination eq 2049

60 service tcp destination eq 111

70 service tcp destination eq 19000

80 service udp destination range 8192 8193

90 service tcp destination range 8192 8193

100 service tcp destination eq 502

#

object-group service 机加一分厂触摸屏控制台-服务器

0 service icmp 0 0

10 service tcp destination eq 8889

20 service tcp destination eq 8000

30 service tcp destination eq 1521

#

interface NULL0

#

interface Vlan-interface255

ip address 10.100.255.40 255.255.255.0

#

interface GigabitEthernet1/0/0

port link-mode route

ip binding vpn-instance management

ip address 192.168.0.1 255.255.255.0

#

interface GigabitEthernet1/0/16

port link-mode route

#

interface GigabitEthernet1/0/17

port link-mode route

#

interface GigabitEthernet1/0/18

port link-mode route

#

interface GigabitEthernet1/0/19

port link-mode route

#

interface GigabitEthernet1/0/20

port link-mode route

#

interface GigabitEthernet1/0/21

port link-mode route

#

interface GigabitEthernet1/0/22

port link-mode route

#

interface GigabitEthernet1/0/23

port link-mode route

#

interface GigabitEthernet1/0/1

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/2

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/3

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/4

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/5

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/6

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/7

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/8

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/9

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/10

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/11

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/12

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/13

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/14

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/15

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

object-policy ip Any-Any

rule 0 pass logging counting

#

object-policy ip Trust-Untrust

rule 0 pass source-ip DNC机床 destination-ip DNC服务器 service DNC机床-服务器端口策略 logging counting

rule 1 pass source-ip 机加一分厂触摸屏控制台 destination-ip DNC服务器 service 机加一分厂触摸屏控制台-服务器 logging counting

#

security-zone name Local

#

security-zone name Trust

import interface GigabitEthernet1/0/8 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/9 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/10 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/11 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/12 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/13 vlan 1 49 to 50 70 80 255

import interface GigabitEthernet1/0/14 vlan 1 49 to 50 70 80 255

import interface GigabitEthernet1/0/15 vlan 1 49 to 50 70 80 255

#

security-zone name DMZ

#

security-zone name Untrust

import interface Vlan-interface255

import interface GigabitEthernet1/0/1 vlan 1 49 to 50 70 80 255

import interface GigabitEthernet1/0/2 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/3 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/4 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/5 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/6 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/7 vlan 1 50 70 80 255

#

security-zone name Management

import interface GigabitEthernet1/0/0

#

zone-pair security source Any destination Any

object-policy apply ip Any-Any

packet-filter 2000

#

zone-pair security source Trust destination Untrust

object-policy apply ip Trust-Untrust

#

scheduler logfile size 16

#

line class aux

user-role network-operator

#

line class console

user-role network-admin

#

line class vty

user-role network-operator

#

line aux 0

user-role network-admin

#

line con 0

authentication-mode scheme

user-role network-admin

#

line vty 0 4

user-role level-15

user-role network-admin

set authentication password hash $h$6$FXcqr ZUfkzh0xpf$FoUxGIL0XT92tC90K2jVEkPb

95M33o675GIBswGHmY1iFfkmEoA/5m37Bn8aOnghK8bXPJZRbEd6P9VLjopCdg==

protocol inbound telnet

#

line vty 5 63

authentication-mode scheme

user-role network-admin

#

ip route-static 0.0.0.0 0 10.100.255.254

#

info-center logbuffer size 1024

#

ssh server enable

#

acl basic 2000

rule 0 permit

#

domain system

#

aaa session-limit ftp 16

aaa session-limit telnet 16

aaa session-limit ssh 16

domain default enable system

#

role name level-0

description Predefined level-0 role

#

role name level-1

description Predefined level-1 role

#

role name level-2

description Predefined level-2 role

#

role name level-3

description Predefined level-3 role

#

role name level-4

description Predefined level-4 role

#

role name level-5

description Predefined level-5 role

#

role name level-6

description Predefined level-6 role

#

role name level-7

description Predefined level-7 role

#

role name level-8

description Predefined level-8 role

#

role name level-9

description Predefined level-9 role

#

role name level-10

description Predefined level-10 role

#

role name level-11

description Predefined level-11 role

#

role name level-12

description Predefined level-12 role

#

role name level-13

description Predefined level-13 role

#

role name level-14

description Predefined level-14 role

#

user-group system

#

local-user admin class manage

password hash $h$6$9R/xrcOboMeyKx5C$0bPaw7Q41dLHQp2X8AAdmTLTU8RGFVplQmWdU7VZG95

n 3Dh2SQlKUn nIIVZflQSgIhMWZzVFEqlXFMeecodQ==

service-type ssh terminal https

authorization-attribute user-role level-3

authorization-attribute user-role network-admin

authorization-attribute user-role network-operator

#

local-user h3c class manage

service-type https

authorization-attribute user-role level-3

authorization-attribute user-role network-admin

authorization-attribute user-role network-operator

#

local-user i class manage

authorization-attribute user-role network-operator

#

ip https enable

#

ips policy default

#

anti-virus policy default

#

return
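
Added example (not part of the original page and not H3C tooling): a Python script that audits a configuration like the one above, listing zone pairs bound to an object policy whose pass rule carries no source-ip, destination-ip or service criteria, and lines that enable Telnet management. The function names and the embedded sample, which reuses lines from the configuration above, are assumptions of this example.

```python
import re

# Constructed sample: lines copied from the configuration above, nothing new.
SAMPLE = """\
object-policy ip Any-Any
 rule 0 pass logging counting
#
object-policy ip Trust-Untrust
 rule 0 pass source-ip DNC机床 destination-ip DNC服务器 service DNC机床-服务器端口策略 logging counting
#
zone-pair security source Any destination Any
 object-policy apply ip Any-Any
#
zone-pair security source Trust destination Untrust
 object-policy apply ip Trust-Untrust
#
line vty 0 4
 protocol inbound telnet
"""
MATCH_KEYS = {"source-ip", "destination-ip", "service"}  # criteria that narrow a rule
APPLY = "object-policy apply ip "

def sections(text):
    """Split a Comware-style config into blocks delimited by '#' lines."""
    blocks = [[]]
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "#":
            blocks.append([])
        elif line:  # blank lines (as in the page's layout) are skipped
            blocks[-1].append(line)
    return [b for b in blocks if b]

def audit(text):
    """Flag zone pairs bound to a match-all pass policy, and Telnet management."""
    blocks, open_policies, findings = sections(text), set(), []
    for b in blocks:  # pass 1: policies holding a pass rule with no match criteria
        m = re.match(r"object-policy ip (\S+)$", b[0])
        if m and any(r.split()[2:3] == ["pass"] and not MATCH_KEYS & set(r.split())
                     for r in b[1:] if r.startswith("rule ")):
            open_policies.add(m.group(1))
    for b in blocks:  # pass 2: where those policies are applied, plus Telnet lines
        m = re.match(r"zone-pair security source (\S+) destination (\S+)$", b[0])
        for line in b:
            if m and line.startswith(APPLY) and line[len(APPLY):] in open_policies:
                findings.append(f"{m.group(1)}->{m.group(2)}: match-all pass via {line[len(APPLY):]}")
            if line in ("telnet server enable", "protocol inbound telnet"):
                findings.append(f"telnet: {line}")
    return sorted(findings)
```

Calling `audit()` on the full text of a saved configuration returns the same kind of list; the parser ignores blank lines and indentation, so the page's layout can be fed in as-is.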

