Add to Favorites | Login | Register
Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

About us Contact us

2-Huawei Firewall: security Policy Classification

2025-03-04 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Share

Shulou(Shulou.com)06/01 Report--

1. Experimental topology:

2. Experimental requirements:

Only one host or scope can be defined in ASA, and SRG can define host and scope at the same time.

From virtual firewall to physical firewall is also Inbound, and Huawei's management firewall is Cisco's management sub-firewall.

III. Order deployment:

1. R1, R2, R3 addresses are omitted and default routes are deployed to USG:

[R1] ip route-static 0.0.0.0 0.0.0.0 202.100.1.10

[R2] ip route-static 0.0.0.0 0.0.0.0 192.168.1.10

[R3] ip route-static 0.0.0.0 0.0.0.0 10.1.1.10

2. USG deployment:

[SRG] ip service-set aaa type object

[SRG-object-service-set-aaa] service protocol icmp

[SRG] policy interzone trust untrust outbound

[SRG-policy-interzone-trust-untrust-outbound] policy 0

[SRG-policy-interzone-trust-untrust-outbound-0] policy source 192.168.1.0 mask 24

[SRG-policy-interzone-trust-untrust-outbound-0] policy destination 202.100.1.0 mask 24

[SRG-policy-interzone-trust-untrust-outbound-0] policy service service-set aaa

[SRG-policy-interzone-trust-untrust-outbound-0] action permit

[SRG] display current-configuration configuration object-service-set

Ip service-set aaa type object

Service 0 protocol icmp

[SRG] display current-configuration configuration policy-interzone

Policy interzone trust untrust outbound

Policy 0

Action permit

Policy service service-set aaa

Policy source 192.168.1.0 mask 24

Policy destination 202.100.1.0 mask 24

Test:

[R2] ping 202.100.1.1

Reply from 202.100.1.1: bytes=56 Sequence=1 ttl=254 time=50 ms

Reply from 202.100.1.1: bytes=56 Sequence=2 ttl=254 time=50 ms

Reply from 202.100.1.1: bytes=56 Sequence=3 ttl=254 time=40 ms

Reply from 202.100.1.1: bytes=56 Sequence=4 ttl=254 time=30 ms

Reply from 202.100.1.1: bytes=56 Sequence=5 ttl=254 time=30 ms

[R1] ping 192.168.1.1

Request time out

Request time out

Request time out

Request time out

Request time out

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Tag Search: Firewall Fire Protection Host scope Lab Management Huawei meanwhile Command address namely Topology Physics Type routing Cisco Test Security Policy Classification vpn macOS Linux MariaDB MySQL Docker Shulou Information Shulou Technology Shulou Tech Info OPPO Reno Redmi Xiaomi NVidia Microsoft Huawei Apple MariaDB Shulou Technology vpn Apple NVidia OPPO Reno Shulou Information Xiaomi Docker Linux Redmi MySQL Microsoft macOS Huawei Shulou Tech Info MariaDB Shulou Technology vpn Apple NVidia OPPO Reno Shulou Information Xiaomi Docker Linux Redmi MySQL Microsoft macOS Huawei Shulou Tech Info

Share To

Related

Network Security

More Network Security >

Latest Network Security More Network Security >

Latest Internet Technology More Internet Technology >

Latest Development More Development >

Latest Database More Database >

Latest Servers More Servers >

Latest Mobile Phone More Mobile Phone >

Latest Android Software More Android Software >

Latest Apple Software More Apple Software >

Latest Computer Software News More Computer Software News >

Latest IT Information More IT Information >

Wechat

About us Contact us Product review car news thenatureplanet

© 2024 shulou.com SLNews company. All rights reserved.

12
Report