
2 - Huawei Firewall: Security Policy Classification

Published: 2020-07-11 21:09:15  Source: Internet  Views: 947  Author: 第七_感  Category: Security Technology

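I. Lab topology:
[Figure: 2 - Huawei Firewall: Security Policy Classification]
II. Lab requirements:
On the ASA you can define only a single host or a single range; on the SRG you can define hosts and ranges at the same time;
Traffic from a virtual firewall to the physical firewall is also Inbound; the management-type firewall on Huawei is the equivalent of Cisco's management sub-firewall;
III. Command deployment:
1. The addressing of R1, R2 and R3 is omitted; configure a default route to the USG on each: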
[R1]ip route-static 0.0.0.0 0.0.0.0 202.100.1.10
[R2]ip route-static 0.0.0.0 0.0.0.0 192.168.1.10
[R3]ip route-static 0.0.0.0 0.0.0.0 10.1.1.10
2. USG configuration:
[SRG]ip service-set aaa type object
[SRG-object-service-set-aaa]service protocol icmp
[SRG]policy interzone trust untrust outbound
[SRG-policy-interzone-trust-untrust-outbound]policy 0
[SRG-policy-interzone-trust-untrust-outbound-0]policy source 192.168.1.0 mask 24
[SRG-policy-interzone-trust-untrust-outbound-0]policy destination 202.100.1.0 mask 24
[SRG-policy-interzone-trust-untrust-outbound-0]policy service service-set aaa
[SRG-policy-interzone-trust-untrust-outbound-0]action permit

[SRG]display current-configuration configuration object-service-set
ip service-set aaa type object
 service 0 protocol icmp
[SRG]display current-configuration configuration policy-interzone
policy interzone trust untrust outbound
 policy 0
  action permit
  policy service service-set aaa
  policy source 192.168.1.0 mask 24
  policy destination 202.100.1.0 mask 24
Test:
[R2]ping 202.100.1.1
Reply from 202.100.1.1: bytes=56 Sequence=1 ttl=254 time=50 ms
Reply from 202.100.1.1: bytes=56 Sequence=2 ttl=254 time=50 ms
Reply from 202.100.1.1: bytes=56 Sequence=3 ttl=254 time=40 ms
Reply from 202.100.1.1: bytes=56 Sequence=4 ttl=254 time=30 ms
Reply from 202.100.1.1: bytes=56 Sequence=5 ttl=254 time=30 ms

[R1]ping 192.168.1.1
Request time out
Request time out
Request time out
Request time out
Request time out
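Why the two pings behave differently, as an added Python model (not part of the original post, and not Huawei code): it mirrors policy 0 above and replays both tests. Assumptions: R2 sits in trust and R1 in untrust, the default interzone action is deny, and the firewall is stateful; the zone priorities are the Huawei defaults, and the class and function names are hypothetical.

```python
from ipaddress import ip_address, ip_network

# Default zone priorities on Huawei firewalls (general knowledge, not shown on the page).
ZONE_PRIORITY = {"local": 100, "trust": 85, "dmz": 50, "untrust": 5}

# Mirror of "policy interzone trust untrust outbound" / "policy 0" from the lab.
POLICIES = {
    ("trust", "untrust", "outbound"): [
        {"src": ip_network("192.168.1.0/24"), "dst": ip_network("202.100.1.0/24"),
         "services": {"icmp"}, "action": "permit"},
    ],
}

def direction(src_zone, dst_zone):
    """Outbound: higher-priority zone to lower-priority zone. Inbound: the reverse."""
    return "outbound" if ZONE_PRIORITY[src_zone] > ZONE_PRIORITY[dst_zone] else "inbound"

class Firewall:
    def __init__(self):
        self.sessions = set()  # (initiator, responder, protocol)

    def forward(self, src_zone, dst_zone, src, dst, proto, reply=False):
        src, dst = ip_address(src), ip_address(dst)
        if reply:  # return traffic is matched against the session table, not the policy
            hit = (dst, src, proto) in self.sessions
            return "permit (session)" if hit else "deny (no session)"
        hi, lo = sorted((src_zone, dst_zone), key=ZONE_PRIORITY.get, reverse=True)
        for rule in POLICIES.get((hi, lo, direction(src_zone, dst_zone)), []):
            if src in rule["src"] and dst in rule["dst"] and proto in rule["services"]:
                if rule["action"] == "permit":
                    self.sessions.add((src, dst, proto))
                return rule["action"]
        # Assumed default interzone action; consistent with the R1 ping timing out.
        return "deny (default)"

def run_lab():
    """Replay the two pings from the test section (zone placement of R1/R2 is assumed)."""
    fw, r1, r2 = Firewall(), "202.100.1.1", "192.168.1.1"
    return {
        "R2->R1 echo request": fw.forward("trust", "untrust", r2, r1, "icmp"),
        "R1->R2 echo reply": fw.forward("untrust", "trust", r1, r2, "icmp", reply=True),
        "R1->R2 echo request": fw.forward("untrust", "trust", r1, r2, "icmp"),
        "R2->R1 tcp": fw.forward("trust", "untrust", r2, r1, "tcp"),
    }

if __name__ == "__main__":
    for flow, verdict in run_lab().items():
        print(f"{flow}: {verdict}")
```

The echo reply to R2 is forwarded because of the session created by the permitted outbound request; a new request from R1 has no inbound policy to match, and non-ICMP traffic from R2 falls outside service-set aaa.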
