China Network Admin Forum's Archiver

honghs posted on 2007-11-13 11:05

Does any of you have a configuration example for the F100?

H3C's F100 series firewall.
I didn't see many examples on H3C's [url=http://forum.huawei-3com.com/]http://forum.huawei-3com.com/[/url] either.

老爹爹 posted on 2008-3-4 10:17

<F100-A>display version
H3C Comware Software
Comware software, Version 3.40, Feature 1647
Copyright (c) 2004-2007 Hangzhou H3C Technologies Co., Ltd.
All rights reserved.
Without the owner's prior written consent, no decompiling
nor reverse-engineering shall be allowed.
H3C SecPath F100-A uptime is 0 week, 4 days, 0 hour, 43 minutes

  CPU type: Mips IDT RC32438 266MHz
  256M bytes DDR SDRAM Memory
  16M bytes Flash Memory
  Pcb      Version:3.0
  Logic    Version:1.0
  BootROM  Version:1.16
  [SLOT 0] 4FE      (Hardware)3.0, (Driver)2.0, (Cpld)1.0
  [SLOT 1] 3FE      (Hardware)3.0, (Driver)2.0, (Cpld)1.0

<F100-A>display current-configuration
#
sysname F100-A
#
l2tp enable  //enable the VPN (L2TP) service
#
firewall packet-filter enable  
firewall packet-filter default permit //default action is permit
#
insulate
#
firewall url-filter host enable
#
firewall statistic system enable
#
firewall mac-binding enable
#
radius scheme system
server-type extended
#
domain system
accounting optional
ip pool 0 1.1.1.35 1.1.1.62  //VPN dial-up address pool
#
local-user 111  //VPN user
password simple 111111  //password, stored in plaintext
service-type ppp  //service type PPP
acl number 3001
rule 0 deny tcp source-port eq 3127
rule 1 deny tcp source-port eq 1025
rule 2 deny tcp source-port eq 5554
rule 3 deny tcp source-port eq 9996
rule 4 deny tcp source-port eq 1068
rule 5 deny tcp source-port eq 135
rule 6 deny udp source-port eq 135
rule 7 deny tcp source-port eq 137
rule 8 deny udp source-port eq netbios-ns
rule 9 deny tcp source-port eq 138
rule 10 deny udp source-port eq netbios-dgm
rule 11 deny tcp source-port eq 139
rule 12 deny udp source-port eq netbios-ssn
rule 13 deny tcp source-port eq 593
rule 14 deny tcp source-port eq 4444
rule 15 deny tcp source-port eq 5800
rule 16 deny tcp source-port eq 5900
rule 18 deny tcp source-port eq 8998
rule 19 deny tcp source-port eq 445
rule 20 deny udp source-port eq 445
rule 21 deny udp source-port eq 1434
rule 30 deny tcp destination-port eq 3127
rule 31 deny tcp destination-port eq 1025
rule 32 deny tcp destination-port eq 5554
rule 33 deny tcp destination-port eq 9996
rule 34 deny tcp destination-port eq 1068
rule 35 deny tcp destination-port eq 135
rule 36 deny udp destination-port eq 135
rule 37 deny tcp destination-port eq 137
rule 38 deny udp destination-port eq netbios-ns
rule 39 deny tcp destination-port eq 138
rule 40 deny udp destination-port eq netbios-dgm
rule 41 deny tcp destination-port eq 139
rule 42 deny udp destination-port eq netbios-ssn
rule 43 deny tcp destination-port eq 593
rule 44 deny tcp destination-port eq 4444
rule 45 deny tcp destination-port eq 5800
rule 46 deny tcp destination-port eq 5900
rule 48 deny tcp destination-port eq 8998
rule 49 deny tcp destination-port eq 445
rule 50 deny udp destination-port eq 445
rule 51 deny udp destination-port eq 1434
//common policy to block attacks from the external network
interface Virtual-Template0
ppp authentication-mode pap
ip address unnumbered interface Ethernet0/0
remote address pool                  //create a virtual template, used for port 0/0

interface Ethernet0/0
ip address 1.1.1.1 255.255.255.192
arp-proxy enable
firewall aspf 1 inbound    //set the IP address of port 0/0 (internal network); enable proxy ARP (for the VPN); enable ASPF in the inbound direction (for web filtering)

firewall zone trust
add interface Ethernet0/0
add interface Ethernet0/1
add interface Ethernet0/2
add interface Ethernet0/3
set priority 85
statistic enable ip inzone
statistic enable ip outzone
#
firewall zone untrust
add interface Ethernet1/0
add interface Ethernet1/1
add interface Ethernet1/2
add interface Virtual-Template0
set priority 5
statistic enable ip inzone
statistic enable ip outzone
//add all the ports to security zones, otherwise you cannot access the firewall

user-interface con 0
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
//configure the login mode: a username and password are required
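
The posted configuration has a few points a reviewer would check before reusing it: the packet filter defaults to permit, the VPN user's password is kept with `password simple` (plaintext), and ACL 3001 is defined but never applied to an interface. The following Python linter is an added example, not part of the original post or of H3C's tooling; it runs over a constructed excerpt of the config above and assumes the Comware V3 syntax `firewall packet-filter <acl> inbound|outbound` for applying an ACL under an interface.

```python
import re
from typing import List

# Constructed excerpt of the Comware config posted above (not the full dump).
SAMPLE_CONFIG = """\
firewall packet-filter enable
firewall packet-filter default permit
local-user 111
password simple 111111
service-type ppp
acl number 3001
rule 0 deny tcp source-port eq 3127
rule 30 deny tcp destination-port eq 3127
interface Ethernet0/0
ip address 1.1.1.1 255.255.255.192
firewall aspf 1 inbound
user-interface vty 0 4
authentication-mode scheme
"""


def audit_comware(config: str) -> List[str]:
    """Return the weak settings found in a Comware V3 firewall config."""
    findings = []
    defined_acls, applied_acls = set(), set()
    for raw in config.splitlines():
        line = raw.strip()
        if line == "firewall packet-filter default permit":
            findings.append("packet-filter default action is permit: "
                            "traffic matched by no ACL rule is allowed")
        if line.startswith("password simple "):
            findings.append("local-user password set with 'password simple' "
                            "(stored in plaintext in the running config)")
        m = re.match(r"acl number (\d+)$", line)
        if m:
            defined_acls.add(m.group(1))
        # Assumed interface-view syntax for applying an ACL (Comware V3).
        m = re.match(r"firewall packet-filter (\d+) (inbound|outbound)$", line)
        if m:
            applied_acls.add(m.group(1))
    for acl in sorted(defined_acls - applied_acls):
        findings.append(f"acl {acl} is defined but not applied to any "
                        "interface with 'firewall packet-filter'")
    return findings


if __name__ == "__main__":
    for finding in audit_comware(SAMPLE_CONFIG):
        print("-", finding)
```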

jykt2008 posted on 2008-3-17 16:21

Doesn't the H3C website show you how to configure it?

zhang2xiang posted on 2008-10-21 21:18

Bump.


Powered by Discuz! Archiver 6.1.0  © 1999-2008 bbs.bitsCN.com