H3C firewall configuration example (firewall inter-zone policy configuration script)
2024-06-29 02:29:00  Author: 心裡念你  URL: https://m.xinb2b.cn/tech/bzj471788.html

version 7.1.064, Release 9304P05

#

sysname UNIS

#

context Admin id 1

#

ip vpn-instance management

route-distinguisher 1000000000:1

vpn-target 1000000000:1 import-extcommunity

vpn-target 1000000000:1 export-extcommunity

#

telnet server enable

#

irf mac-address persistent timer

irf auto-update enable

undo irf link-delay

irf member 1 priority 1

#

security-zone intra-zone default permit

#

password-recovery enable

#

vlan 1

#

vlan 49 to 50

#

vlan 70

#

vlan 255

#

object-group ip address DNC服务器

0 network host address 10.100.80.10

#

object-group ip address DNC机床

description DNC机床

0 network subnet 10.100.50.0 255.255.255.0

#

object-group ip address test

#

object-group ip address 机加一分厂触摸屏控制台

0 network host address 10.100.50.193

#

object-group service 123

0 service icmp 0 0

#

object-group service DNC机床-服务器端口策略

0 service icmp 0 0

10 service tcp destination eq 21

20 service tcp destination range 600 1023

30 service udp destination eq 2049

40 service udp destination eq 111

50 service tcp destination eq 2049

60 service tcp destination eq 111

70 service tcp destination eq 19000

80 service udp destination range 8192 8193

90 service tcp destination range 8192 8193

100 service tcp destination eq 502

#

object-group service 机加一分厂触摸屏控制台-服务器

0 service icmp 0 0

10 service tcp destination eq 8889

20 service tcp destination eq 8000

30 service tcp destination eq 1521

#

interface NULL0

#

interface Vlan-interface255

ip address 10.100.255.40 255.255.255.0

#

interface GigabitEthernet1/0/0

port link-mode route

ip binding vpn-instance management

ip address 192.168.0.1 255.255.255.0

#

interface GigabitEthernet1/0/16

port link-mode route

#

interface GigabitEthernet1/0/17

port link-mode route

#

interface GigabitEthernet1/0/18

port link-mode route

#

interface GigabitEthernet1/0/19

port link-mode route

#

interface GigabitEthernet1/0/20

port link-mode route

#

interface GigabitEthernet1/0/21

port link-mode route

#

interface GigabitEthernet1/0/22

port link-mode route

#

interface GigabitEthernet1/0/23

port link-mode route

#

interface GigabitEthernet1/0/1

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/2

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/3

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/4

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/5

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/6

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/7

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/8

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/9

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/10

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/11

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/12

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/13

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/14

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

interface GigabitEthernet1/0/15

port link-mode bridge

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 255

#

object-policy ip Any-Any

rule 0 pass logging counting

#

object-policy ip Trust-Untrust

rule 0 pass source-ip DNC机床 destination-ip DNC服务器 service DNC机床-服务器端口策略 logging counting

rule 1 pass source-ip 机加一分厂触摸屏控制台 destination-ip DNC服务器 service 机加一分厂触摸屏控制台-服务器 logging counting

#

security-zone name Local

#

security-zone name Trust

import interface GigabitEthernet1/0/8 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/9 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/10 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/11 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/12 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/13 vlan 1 49 to 50 70 80 255

import interface GigabitEthernet1/0/14 vlan 1 49 to 50 70 80 255

import interface GigabitEthernet1/0/15 vlan 1 49 to 50 70 80 255

#

security-zone name DMZ

#

security-zone name Untrust

import interface Vlan-interface255

import interface GigabitEthernet1/0/1 vlan 1 49 to 50 70 80 255

import interface GigabitEthernet1/0/2 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/3 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/4 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/5 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/6 vlan 1 50 70 80 255

import interface GigabitEthernet1/0/7 vlan 1 50 70 80 255

#

security-zone name Management

import interface GigabitEthernet1/0/0

#

zone-pair security source Any destination Any

object-policy apply ip Any-Any

packet-filter 2000

#

zone-pair security source Trust destination Untrust

object-policy apply ip Trust-Untrust

#

scheduler logfile size 16

#

line class aux

user-role network-operator

#

line class console

user-role network-admin

#

line class vty

user-role network-operator

#

line aux 0

user-role network-admin

#

line con 0

authentication-mode scheme

user-role network-admin

#

line vty 0 4

user-role level-15

user-role network-admin

set authentication password hash $h$6$FXcqr ZUfkzh0xpf$FoUxGIL0XT92tC90K2jVEkPb95M33o675GIBswGHmY1iFfkmEoA/5m37Bn8aOnghK8bXPJZRbEd6P9VLjopCdg==

protocol inbound telnet

#

line vty 5 63

authentication-mode scheme

user-role network-admin

#

ip route-static 0.0.0.0 0 10.100.255.254

#

info-center logbuffer size 1024

#

ssh server enable

#

acl basic 2000

rule 0 permit


#

domain system

#

aaa session-limit ftp 16

aaa session-limit telnet 16

aaa session-limit ssh 16

domain default enable system

#

role name level-0

description Predefined level-0 role

#

role name level-1

description Predefined level-1 role

#

role name level-2

description Predefined level-2 role

#

role name level-3

description Predefined level-3 role

#

role name level-4

description Predefined level-4 role

#

role name level-5

description Predefined level-5 role

#

role name level-6

description Predefined level-6 role

#

role name level-7

description Predefined level-7 role

#

role name level-8

description Predefined level-8 role

#

role name level-9

description Predefined level-9 role

#

role name level-10

description Predefined level-10 role

#

role name level-11

description Predefined level-11 role

#

role name level-12

description Predefined level-12 role

#

role name level-13

description Predefined level-13 role

#

role name level-14

description Predefined level-14 role

#

user-group system

#

local-user admin class manage

password hash $h$6$9R/xrcOboMeyKx5C$0bPaw7Q41dLHQp2X8AAdmTLTU8RGFVplQmWdU7VZG95n 3Dh2SQlKUn nIIVZflQSgIhMWZzVFEqlXFMeecodQ==

service-type ssh terminal https

authorization-attribute user-role level-3

authorization-attribute user-role network-admin

authorization-attribute user-role network-operator

#

local-user h3c class manage

service-type https

authorization-attribute user-role level-3

authorization-attribute user-role network-admin

authorization-attribute user-role network-operator

#

local-user i class manage

authorization-attribute user-role network-operator

#

ip https enable

#

ips policy default

#

anti-virus policy default

#

return
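
A review check for the configuration above, added here as an example and not part of the original page: the Python script splits a Comware-style configuration at its `#` separator lines and reports Telnet management access and zone pairs that apply an object policy or basic ACL whose rule passes traffic without any match criteria. The sample input is a constructed excerpt of lines from this configuration; the function names and finding labels are hypothetical.

```python
import re

# Constructed sample: lines copied from the configuration above, blank lines dropped.
SAMPLE = """#
telnet server enable
#
object-policy ip Any-Any
rule 0 pass logging counting
#
object-policy ip Trust-Untrust
rule 0 pass source-ip DNC机床 destination-ip DNC服务器 service DNC机床-服务器端口策略 logging counting
#
zone-pair security source Any destination Any
object-policy apply ip Any-Any
packet-filter 2000
#
zone-pair security source Trust destination Untrust
object-policy apply ip Trust-Untrust
#
line vty 0 4
protocol inbound telnet
#
acl basic 2000
rule 0 permit
#
"""
# A pass/permit rule that carries only logging/counting options, i.e. no match criteria.
OPEN_RULE = re.compile(r"rule \d+ (pass|permit)( logging| counting)*")

def sections(text):
    # Split at '#' separator lines into (header, [body lines]); hypothetical helper.
    blocks = re.split(r"(?m)^#[ \t]*$", text)
    parsed = [[l.strip() for l in b.splitlines() if l.strip()] for b in blocks]
    return [(p[0], p[1:]) for p in parsed if p]

def audit(text):
    secs = sections(text)
    # Names of object policies and basic ACLs that hold an unconditional rule.
    wide_open = {h.split()[-1] for h, body in secs
                 if h.startswith(("object-policy ip ", "acl basic "))
                 and any(OPEN_RULE.fullmatch(l) for l in body)}
    findings = []
    for head, body in secs:
        if head == "telnet server enable" or "protocol inbound telnet" in body:
            findings.append(("cleartext-mgmt", head))
        if head.startswith("zone-pair security "):
            findings += [("unrestricted-pass", f"{head} -> {l}") for l in body
                         if l.split()[-1] in wide_open]
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

On the sample, the Trust-to-Untrust zone pair is not reported because its rule names source, destination and service object groups; the Any-to-Any zone pair is reported twice, once for the object policy and once for ACL 2000.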
