
H3C firewall system upgrade steps

2025-01-18 Update From: SLTechnology News&Howtos shulou


Shulou(Shulou.com)06/01 Report--

Http://www.h4c.com.cn/Service/Software_Download/IP_Security/Firewall___ × × / Comware_V7/H3C_SecPath_F1020/

Download 3CDaemon, which provides the TFTP server used for the upload.

Step 1: open 3CDaemon and click "set up TFTP Server".

Step 2: click TFTP Settings and select the folder that contains the system file for the upgrade.

Step 3: upload the system file to the firewall. The file name must include its suffix, otherwise the file cannot be uploaded.

tftp 1.1.1.1 get XXXX.ipe

After the upload is completed, execute the following command to set the file as the main startup system:

boot-loader file slot1#flash:/XXXX.ipe all main

Step 4: if the file upload fails:

1. Check disk space (run dir and confirm that enough space is left for the upgrade file)

2. Check the upgrade file (verify that the software upgrade file is not corrupted)

3. Read the system prompts carefully

When an H3C security device license is activated, it is bound to the device's .did file, so you need to download the .did file from the device.

Step 1: make sure the PC can ping the security device (this requires the security zones to be opened to each other).

Step 2: tftp <PC address> put flash:/license/<file name>.did (the TFTP server on the PC must be running at the same time)

Problem: on the latest H3C firewall products, access to a directly connected interface is not allowed and the interface cannot be pinged.

Step 1: define the zones (usually they are already defined at the factory)

security-zone name Management (defined for the management interface)

security-zone name untrust (the untrust zone corresponds to the external network)

security-zone name trust (the trust zone corresponds to the internal network)

security-zone name DMZ (the demilitarized zone corresponds to externally facing servers)

security-zone name local (for the device itself)

1. Switch (bridge) mode

interface Vlan-interface100

ip address 192.168.30.1 255.255.255.0

undo shutdown

interface GigabitEthernet1/0/2

port link-mode bridge

port access vlan 100

2. Route mode

interface GigabitEthernet1/0/3

port link-mode route

ip address 192.168.40.1 255.255.255.0

undo shutdown

Step 2: add the interfaces to a zone

security-zone name Trust

import interface GigabitEthernet1/0/3 (route mode: add the interface)

import interface Vlan-interface100 (switch mode: add the VLAN interface)

Step 3: define the ACL

acl basic 2000

rule 10 permit source any (permits every source address; the source can be defined in more detail here)

Step 4: define the zone access rules

zone-pair security source Trust destination any

packet-filter 2000

zone-pair security source untrust destination any

packet-filter 2000

zone-pair security source Local destination any (opens the Local zone to any zone; without it, pings from the device itself to terminal addresses in any zone fail)

packet-filter 2000

If multiple ports on the device join the same security zone, add the following command; otherwise the terminals behind those ports cannot communicate with each other.

security-zone intra-zone default permit
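
Added example (not part of the original article and not H3C code): a short Python check that reads a saved configuration and reports every zone pair whose source is an untrusted zone and whose packet-filter ACL permits any source, which is what applying ACL 2000 to the untrust zone pair in steps 3 and 4 does. The sample configuration is constructed from those commands; the function names and the default list of risky source zones are assumptions, and only basic ACLs are examined.

```python
import re

# Constructed sample: the ACL and zone-pair commands from steps 3 and 4.
SAMPLE_CONFIG = """
acl basic 2000
 rule 10 permit source any
zone-pair security source Trust destination Any
 packet-filter 2000
zone-pair security source untrust destination Any
 packet-filter 2000
zone-pair security source Local destination Any
 packet-filter 2000
"""

def _lines(config):
    """Return the non-empty config lines, stripped and lowercased."""
    return [l.strip().lower() for l in config.splitlines() if l.strip()]

def permit_any_acls(config):
    """Return the basic ACL numbers holding a rule that permits every source."""
    found, current = set(), None
    for line in _lines(config):
        acl = re.match(r"acl basic (\d+)$", line)
        if acl:
            current = acl.group(1)
        elif not line.startswith("rule"):
            current = None  # left the ACL view
        elif current and re.match(r"rule(?: \d+)? permit(?: source any)?$", line):
            found.add(current)
    return found

def audit_zone_pairs(config, risky_sources=("untrust", "any")):
    """Return (source, destination, acl) for each zone pair whose source zone
    is in risky_sources and whose packet-filter ACL permits every source."""
    open_acls = permit_any_acls(config)
    findings, pair = [], None
    for line in _lines(config):
        zp = re.match(r"zone-pair security source (\S+) destination (\S+)$", line)
        pf = re.match(r"packet-filter (\d+)", line)
        if zp:
            pair = zp.groups()
        elif pf and pair:
            if pair[0] in risky_sources and pf.group(1) in open_acls:
                findings.append((pair[0], pair[1], pf.group(1)))
        else:
            pair = None  # left the zone-pair view
    return findings

if __name__ == "__main__":
    for src, dst, acl in audit_zone_pairs(SAMPLE_CONFIG):
        print(f"zone-pair {src} -> {dst}: ACL {acl} permits any source")
```

A finding here means the rule's source should be narrowed, or a separate, tighter ACL should be used for that zone pair.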

H3C firewall with NAT configured: the internal network cannot access the web server, but the external network can

[H3C-FW] interface GigabitEthernet5/0 (internal network port)

[H3C-FW-GigabitEthernet5/0] nat hairpin enable

zone-pair security source Trust destination Trust

packet-filter 2000

Blacklist: a way of filtering messages based on their source IP address

Whitelist: also filters on the source IP address of a message; it prevents specific IP addresses from being added to the blacklist
