
Experiment on modifying default rules and releasing telnet Traffic by USG Firewall

2025-04-05 Update From: SLTechnology News&Howtos (Network Security)

Shulou (Shulou.com) 06/01 Report

Configuration of R1:

[R1]interface e0/0/0

[R1-Ethernet0/0/0]ip address 192.168.2.2 24

[R1-Ethernet0/0/0]quit

[R1]ip route-static 192.168.1.0 255.255.255.0 192.168.2.1

Enable the VTY lines so R1 accepts telnet logins (password authentication, privilege level 3):

[R1]user-interface vty 0 4

[R1-ui-vty0-4]authentication-mode password

[R1-ui-vty0-4]set authentication password cipher 666

[R1-ui-vty0-4]user privilege level 3

Configuration of R2:

[R2]interface e0/0/0

[R2-Ethernet0/0/0]ip add 192.168.1.2 24

[R2-Ethernet0/0/0]q

[R2]ip route-static 192.168.2.0 24 192.168.1.1

[R2]user-interface vty 0 4

[R2-ui-vty0-4]authentication-mode password

[R2-ui-vty0-4]set authentication password cipher 666

[R2-ui-vty0-4]user privilege level 3

Firewall configuration

Configure the interface addresses:

interface GigabitEthernet0/0/0

ip address 192.168.2.1 255.255.255.0

interface GigabitEthernet0/0/1

ip address 192.168.1.1 255.255.255.0

Create a zone named outside, set its priority to 30, and add interface G0/0/1 to it (G0/0/0, which faces R1, sits in the trust zone, which is why the policy configured later is trust to outside):

firewall zone name outside

set priority 30

add interface GigabitEthernet0/0/1

View the default policy for the local-to-outside interzone, outbound direction:

[SRG]display policy interzone local outside outbound

policy interzone local outside outbound

firewall default packet-filter is permit

Check whether the firewall can ping the router in the outside zone (R2): the ping succeeds.

Change the default policy to deny:

[SRG]firewall packet-filter default deny interzone local outside direction outbound

Check again whether the firewall can ping the outside router: the ping now fails.

Restore the default policy:

[SRG]firewall packet-filter default permit interzone local outside direction outbound

Check whether R1 and R2 can telnet and ping each other; they cannot.

To let R1 telnet to and ping R2, permit the outbound traffic between the trust and outside zones as follows.

Release outbound telnet and ICMP traffic:

[SRG]policy interzone trust outside outbound

[SRG-policy-interzone-trust-outside-outbound]policy 1

[SRG-policy-interzone-trust-outside-outbound-1]policy source 192.168.2.2 0

[SRG-policy-interzone-trust-outside-outbound-1]policy destination 192.168.1.2 0

[SRG-policy-interzone-trust-outside-outbound-1]policy service service-set icmp telnet

[SRG-policy-interzone-trust-outside-outbound-1]action permit

[SRG-policy-interzone-trust-outside-outbound-1]q

[SRG-policy-interzone-trust-outside-outbound]q

Telnet from R1 to R2; after logging in successfully, view the session table on the firewall:

[SRG]display firewall session table

Current Total Sessions : 1

icmp VPN:public --> public 192.168.2.2:53419-->192.168.1.2:2048

[SRG]display firewall session table

09:46:55 2018/05/11

Current Total Sessions : 0

Consider how to release telnet from a host in the outside zone to an internal router.
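To make the zone and direction logic of this lab explicit (default packet-filter per interzone direction, explicit policy rule, and the closing question about outside-to-trust telnet), here is an added Python model of the USG interzone decision; it is illustrative code, not from the article or from Huawei. It assumes the USG default priorities local = 100 and trust = 85 (outside = 30 comes from the lab), treats an interzone with no configured policy as deny, and names services with plain strings.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Zone priorities. 'outside' = 30 is the lab's 'set priority 30';
# 'local' = 100 and 'trust' = 85 are assumed USG defaults.
ZONES = {"local": 100, "trust": 85, "outside": 30}

def wildcard_to_network(addr, wildcard):
    """USG 'policy source 192.168.2.2 0' style: wildcard 0 means one host.
    Only contiguous wildcards (0, 0.0.0.255, ...) are handled."""
    wild = ip_address(int(wildcard)) if wildcard.isdigit() else ip_address(wildcard)
    host_bits = bin(int(wild)).count("1")
    return ip_network(f"{addr}/{32 - host_bits}", strict=False)

@dataclass
class Rule:
    source: object        # ip_network matched against the packet source
    destination: object   # ip_network matched against the packet destination
    services: frozenset   # service-set names, e.g. {"icmp", "telnet"}
    action: str           # "permit" or "deny"

@dataclass
class InterzonePolicy:
    default: str                        # 'firewall packet-filter default ...'
    rules: list = field(default_factory=list)

def direction(src_zone, dst_zone):
    """Outbound: the packet leaves a higher-priority zone for a lower one."""
    return "outbound" if ZONES[src_zone] > ZONES[dst_zone] else "inbound"

def evaluate(policies, src_zone, dst_zone, src_ip, dst_ip, service):
    """Return 'permit' or 'deny' for one flow: first matching rule wins,
    otherwise the interzone default; no configured interzone means deny."""
    key = (frozenset((src_zone, dst_zone)), direction(src_zone, dst_zone))
    policy = policies.get(key)
    if policy is None:
        return "deny"
    for rule in policy.rules:
        if (ip_address(src_ip) in rule.source and ip_address(dst_ip) in rule.destination
                and service in rule.services):
            return rule.action
    return policy.default

def article_policies(local_outside_default="permit"):
    """The lab's configuration: local->outside default permit (or deny when the
    default is changed), trust->outside default deny plus the explicit rule."""
    trust_outside = InterzonePolicy(default="deny", rules=[
        Rule(wildcard_to_network("192.168.2.2", "0"), wildcard_to_network("192.168.1.2", "0"),
             frozenset({"icmp", "telnet"}), "permit")])
    return {(frozenset(("local", "outside")), "outbound"): InterzonePolicy(local_outside_default),
            (frozenset(("trust", "outside")), "outbound"): trust_outside}
```

Running `evaluate(article_policies(), "outside", "trust", "192.168.1.2", "192.168.2.2", "telnet")` yields "deny": the reverse flow is inbound on the trust-outside interzone, for which the lab configured no policy.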
