
H3C firewall configuration

2025-03-15 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

<H3C> system-view

[H3C] int g1/0/1

[H3C-GigabitEthernet1/0/1] ip address 123.232.115.11 24

[H3C-GigabitEthernet1/0/1] qu

[H3C] int g1/0/3

[H3C-GigabitEthernet1/0/3] ip address 192.168.10.1 24

[H3C-GigabitEthernet1/0/3] qu

[H3C] interface GigabitEthernet 1/0/1

[H3C-GigabitEthernet1/0/1] nat outbound

[H3C] ip route-static 0.0.0.0 0 123.232.115.10

Configure ACL 3000 and define the rule: allow IP traffic.

[H3C] acl advanced 3000

[H3C-acl-ipv4-adv-3000] rule permit ip

[H3C-acl-ipv4-adv-3000] qu

Add interface GigabitEthernet1/0/1 to the security zone Untrust.

[H3C] security-zone name Untrust

[H3C-security-zone-Untrust] import interface GigabitEthernet 1/0/1

[H3C-security-zone-Untrust] qu

Add interface GigabitEthernet1/0/3 to the security zone Trust.

[H3C] security-zone name Trust

[H3C-security-zone-Trust] import interface GigabitEthernet 1/0/3

[H3C-security-zone-Trust] qu

[H3C] zone-pair security source Trust destination Local

[H3C-zone-pair-security-Trust-Local] packet-filter 3000

[H3C-zone-pair-security-Trust-Local] qu

[H3C] zone-pair security source Local destination Trust

[H3C-zone-pair-security-Local-Trust] packet-filter 3000

[H3C-zone-pair-security-Local-Trust] qu

[H3C] zone-pair security source Trust destination Untrust

[H3C-zone-pair-security-Trust-Untrust] packet-filter 3000

[H3C-zone-pair-security-Trust-Untrust] qu

If multiple ports on the device join the same security zone, you need to add the following command; otherwise the terminals on those ports cannot communicate with each other.

[H3C] security-zone intra-zone default permit

DHCP configuration:

[H3C] dhcp enable

[H3C] dhcp server ip-pool 10

[H3C-dhcp-pool-10] network 192.168.10.20 mask 255.255.255.0

[H3C-dhcp-pool-10] gateway-list 192.168.10.1

[H3C-dhcp-pool-10] dns-list 202.102.152.3 202.102.128.68

Define the range of IP addresses (start to end) that the DHCP address pools must not assign:

[H3C-dhcp-pool-10] dhcp server forbidden-ip 192.168.10.1 192.168.10.100

HTTP configuration:

[H3C] ip http enable

[H3C] ip https enable

[H3C] local-user admin

[H3C-luser-manage-admin] service-type http https

[H3C-luser-manage-admin] password simple 123456
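
An added example (not part of the original article): a small Python audit that reads prompt-prefixed lines like the ones above and flags the settings in this configuration a reviewer would question before deployment: the unrestricted `rule permit ip` in ACL 3000 applied to zone pairs, the intra-zone default permit, HTTP management, and the short numeric password. The check ids and the password threshold are this example's own assumptions.

```python
import re

# Constructed input: policy and management lines from the configuration above.
SAMPLE = """\
[H3C] acl advanced 3000
[H3C-acl-ipv4-adv-3000] rule permit ip
[H3C] zone-pair security source Trust destination Local
[H3C-zone-pair-security-Trust-Local] packet-filter 3000
[H3C] zone-pair security source Trust destination Untrust
[H3C-zone-pair-security-Trust-Untrust] packet-filter 3000
[H3C] security-zone intra-zone default permit
[H3C] ip http enable
[H3C] ip https enable
[H3C-luser-manage-admin] password simple 123456
"""

PROMPT = re.compile(r"^\s*\[([^\]]+)\]\s*(\S.*)$")

def parse(text):
    """Return (view, command) pairs from prompt-prefixed CLI lines."""
    return [(m.group(1), m.group(2).strip())
            for m in map(PROMPT.match, text.splitlines()) if m]

def audit(text):
    """Return (check_id, detail) findings in config order; ids are this example's own."""
    cmds = parse(text)
    # Pass 1: ACLs holding a permit rule with no source/destination criteria.
    open_acls = {view.rsplit("-", 1)[1] for view, cmd in cmds
                 if "-acl-" in view and re.fullmatch(r"rule( \d+)? permit ip", cmd)}
    findings = []
    for view, cmd in cmds:  # Pass 2: where those ACLs are applied, plus global settings.
        pf = re.fullmatch(r"packet-filter (\d+)", cmd)
        zp = re.search(r"zone-pair-security-(\w+)-(\w+)$", view)
        pw = re.fullmatch(r"password simple (\S+)", cmd)
        if pf and zp and pf.group(1) in open_acls:
            findings.append(("ANY_ANY", f"{zp.group(1)}->{zp.group(2)} via ACL {pf.group(1)}"))
        elif cmd == "security-zone intra-zone default permit":
            findings.append(("INTRA_ZONE_PERMIT", "same-zone traffic is not filtered"))
        elif cmd == "ip http enable":
            findings.append(("HTTP_MGMT", "web management reachable over cleartext HTTP"))
        elif pw and (len(pw.group(1)) < 10 or pw.group(1).isdigit() or pw.group(1).isalpha()):
            # Assumed threshold: under 10 characters, or a single character class.
            findings.append(("WEAK_PASSWORD", "local user " + view.rsplit("-", 1)[1]))
    return findings

if __name__ == "__main__":
    for check_id, detail in audit(SAMPLE):
        print(f"{check_id:18} {detail}")
```

Each finding maps to a change in the configuration: give the ACL rule explicit source and destination criteria, leave intra-zone traffic to explicit policy, keep only `ip https enable`, and set a long mixed-character password.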
