Add to Favorites | Login | Register
Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

About us Contact us

Huawei USG Firewall configuration

2025-04-01 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Share

Shulou(Shulou.com)06/01 Report--

Networking requirements:

Demand 1

Users of the 10.1.1.0 Universe 24 segment of the company's Trust area can access Internet, and other segments of the security zone

Users cannot access it. The range of legitimate IP addresses provided to access the external network is 202.1.1.100 Murray 202.1.1.200.

Demand 2

Provide FTP and Web servers for external network users to access. The internal IP address of FTP Server is

192.168.1.200, port number is the default value 21. The internal IP address of the Web Server is 192.168.1.100 and port is 80. Two

The published addresses are 202.1.1.10, and the port numbers used are the default values, that is, 21 and 80.

Topology:

Firewall configuration:

#

Interface GigabitEthernet0/0/1

Ip address 10.1.1.254 255.255.255.0

#

Interface GigabitEthernet0/0/2

Ip address 202.1.1.254 255.255.255.0

#

Interface GigabitEthernet0/0/3

Ip address 192.168.1.254 255.255.255.0

#

Firewall zone trust

Set priority 85

Add interface GigabitEthernet0/0/0

Add interface GigabitEthernet0/0/1

#

Firewall zone untrust

Set priority 5

Add interface GigabitEthernet0/0/2

#

Firewall zone dmz

Set priority 50

Add interface GigabitEthernet0/0/3

#

Nat address-group 1 202.1.1.100 202.1.1.200

Nat server 0 protocol tcp global 202.1.1.10 ftp inside 192.168.1.200 ftp

Nat server 1 protocol tcp global 202.1.1.10 www inside 192.168.1.100 www

#

Policy interzone trust untrust outbound

Policy 0

Action permit

Policy source 10.1.1.0 0.0.0.255

#

Policy interzone dmz untrust inbound

Policy 0

Action permit

Policy service service-set http

Policy destination 192.168.1.100 0

Policy 1

Action permit

Policy service service-set ftp

Policy destination 192.168.1.200 0

#

Nat-policy interzone trust untrust outbound

Policy 0

Action source-nat

Policy source 10.1.1.0 0.0.0.255

Address-group 1

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Tag Search: Address user demand area slogan network segment network external firewall configuration fire prevention legality security company topology server port range service Huawei vpn macOS Linux MariaDB MySQL Docker Shulou Information Shulou Technology Shulou Tech Info OPPO Reno Redmi Xiaomi NVidia Microsoft Huawei Apple Xiaomi macOS Shulou Information Linux MySQL vpn MariaDB Apple Huawei Shulou Technology OPPO Reno Docker Redmi Shulou Tech Info Microsoft NVidia Xiaomi macOS Shulou Information Linux MySQL vpn MariaDB Apple Huawei Shulou Technology OPPO Reno Docker Redmi Shulou Tech Info Microsoft NVidia

Share To

Related

Network Security

More Network Security >

Latest Network Security More Network Security >

Latest Internet Technology More Internet Technology >

Latest Development More Development >

Latest Database More Database >

Latest Servers More Servers >

Latest Mobile Phone More Mobile Phone >

Latest Android Software More Android Software >

Latest Apple Software More Apple Software >

Latest Computer Software News More Computer Software News >

Latest IT Information More IT Information >

Wechat

About us Contact us Product review car news thenatureplanet

© 2024 shulou.com SLNews company. All rights reserved.

12
Report