
General deployment documentation for Hillstone Firewall

2025-02-28 Update From: SLTechnology News&Howtos


Catalogue

General Firewall deployment documentation

Initialize preconfiguration before firewall configuration

Upgrade to stable firmware system

Modify default remote management port

Firewall general deployment operation

Configure the planned interface with IP

Default route configuration

Traffic policy configuration

CLI- Command Line Quick configuration

A brief introduction to common configurations

Dnat configuration method

Policy release

General Firewall deployment documentation

Initialize preconfiguration before firewall configuration

Upgrade to stable firmware system

Screenshots of the specific operation of the upgrade are as follows

Because the hillstone-nav20 ships with the 3.5 system, a stable version of the firmware file needs to be provided by the operation and maintenance engineer (please take the initiative to obtain it from the operation and maintenance engineer).

Connect a laptop directly to the firewall's Eth0/0 port and configure a local IP address in 192.168.1.X/24. Test connectivity with ping, then enter "192.168.1.1" in the browser to open the Web management interface.

Default username / password: hillstone

Find the following interface:

PS: select the stable firmware version previously provided by the operation and maintenance engineer. Once the upload completes, the latest firmware version appears in the drop-down menu on the following interface. Select the 5.0 system firmware for the next startup, confirm, and then restart the device.

Modify the default remote management port

Find the following interface:

Change the default username / password

General deployment operation of firewall

1. The operation and maintenance engineer communicates with the customer in advance to confirm the private network IP plan and the port allocation (remember this).

Taking the Hillstone-Nav20 as an example:

After boot, connect a laptop directly to the firewall's Eth0/0 port and configure a local IP address in 192.168.1.X/24. Test connectivity with ping, then enter "192.168.1.1" in the browser to open the Web management interface.

Default username / password: hillstone

Find the following interface:

Configure the planned interface with IP.

(PS: the boot icon is optional. Note the interface zone, Untrust or Trust. Also note which of the services below are checked, and do not enable telnet.)

Default route configuration

Then find the following interface:

Click New in the upper left corner and configure the gateway as follows (PS: be sure to select the public network egress interface).

Traffic policy configuration

Then find the following interface (add a policy from Dmz to the public network zone, Untrust):

Done. Now just connect the uplink port. PS: with this policy, only the host 10.8.1.33 in the private network can access public network resources. If you need to permit all hosts, enter any.

These are the steps for partners who are accustomed to the Web-UI to set up remote management. The following is a brief introduction to quick configuration through the CLI.

CLI- Command Line Quick configuration

Connect to the firewall through the console.

Interface management: ssh, http, https, snmp

    Allen-hillstone(config)# interface ethernet0/1
    Allen-hillstone(config-if-eth0/1)# zone untrust
    Allen-hillstone(config-if-eth0/1)# ip address 192.168.10.135 255.255.255.0
    Allen-hillstone(config-if-eth0/1)# manage ping
    Allen-hillstone(config-if-eth0/1)# manage ssh
    Allen-hillstone(config-if-eth0/1)# manage http
    Allen-hillstone(config-if-eth0/1)# manage https
    Allen-hillstone(config-if-eth0/1)# manage snmp

Default route

    Allen-hillstone(config)# ip vrouter
    Allen-hillstone(config)# ip vrouter trust-vr
    Allen-hillstone(config-vrouter)# ip route 0.0.0.0/0 ethernet0/1 192.168.10.1

Configure policies

    Allen-hillstone(config)# policy-global
    Allen-hillstone(config)# rule
    Allen-hillstone(config-policy-rule)# src-zone dmz
    Allen-hillstone(config-policy-rule)# dst-zone untrust
    Allen-hillstone(config-policy-rule)# src-addr any
    Allen-hillstone(config-policy-rule)# dst-addr any
    Allen-hillstone(config-policy-rule)# service any
    Allen-hillstone(config-policy-rule)# action permit
    Allen-hillstone(config-policy-rule)# exit

Configuration complete.

Once the firewall is connected to the public network, you can manage it remotely.
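The CLI steps above turn on http and snmp management on an interface in the untrust zone and permit any source, destination and service from dmz to untrust. The following check is an added example (not part of the original article and not a Hillstone tool): it parses commands written in the page's CLI style and flags both conditions. The sample input is constructed, `host_10.8.1.33` is a hypothetical address entry name, and treating snmp as cleartext assumes SNMP v1/v2c.

```python
# Added example: audits commands written in the style shown on this page.
# Assumption: http, telnet and snmp (v1/v2c) are treated as cleartext services.
CLEARTEXT = {"http", "telnet", "snmp"}
BROAD = {"action": "permit", "src-addr": "any", "dst-addr": "any", "service": "any"}
# Constructed input in the page's CLI style; host_10.8.1.33 is a hypothetical entry.
SAMPLE = """\
interface ethernet0/1
zone untrust
manage ssh
manage http
manage https
manage snmp
rule
src-zone dmz
dst-zone untrust
src-addr any
dst-addr any
service any
action permit
exit
rule
src-addr host_10.8.1.33
dst-addr any
service any
action permit
exit
"""

def audit(text):
    interfaces, rules, ctx, findings = {}, [], None, []
    for line in text.splitlines():
        # Drop a "host(config)#" prompt if present; pad so blank lines unpack.
        key, arg = (line.split("#", 1)[-1].split() + ["", ""])[:2]
        if key == "exit":
            ctx = None
        elif key == "interface" and arg:
            ctx = interfaces.setdefault(arg, {})
        elif key == "rule":
            rules.append(ctx := {})
        elif ctx is not None and arg:
            ctx.setdefault(key, []).append(arg)
    for name, cfg in interfaces.items():
        bad = sorted(CLEARTEXT & set(cfg.get("manage", [])))
        if cfg.get("zone") == ["untrust"] and bad:
            findings.append(f"{name} (untrust): cleartext management {', '.join(bad)}")
    for n, r in enumerate(rules, 1):
        if all(r.get(k) == [v] for k, v in BROAD.items()):
            findings.append(f"rule #{n}: permit any/any/any")
    return findings
```

Calling `audit(SAMPLE)` reports the untrust interface and the first rule; the rule limited to a single source entry is not reported.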

A brief introduction to common configurations

Dnat configuration method

Policy release

If dmz-untrust is any and untrust-dmz is also any, you can skip this step. If not, you can add a release policy for untrust-dmz:
