 
 clock timezone BeiJing add 08:00:00

 security-zone intra-zone default permit
 session top-statistics enable
#
nat address-group 1
 address x.x.x.x x.x.x.x
#
 lldp global enable
#

interface GigabitEthernet1/0/0
 port link-mode route
 description to_ISP
 combo enable copper
 ip address x.x.x.x 27
 nat outbound 2001 address-group 1
 nat server protocol tcp global x.x.x.x 1011 inside 10.80.1.11 22 rule ServerRule_1
#
interface GigabitEthernet1/0/1
 port link-mode route
 combo enable fiber
#
interface GigabitEthernet1/0/4
 port link-mode route
 ip address 10.0.0.2 255.255.255.252
 packet-filter 3000 inbound
#

#
security-zone name Local
#
security-zone name Trust
#
security-zone name DMZ
#
security-zone name Untrust
#
security-zone name Management
#
security-zone name Inside
 import interface GigabitEthernet1/0/4
#
security-zone name Outside
 import interface GigabitEthernet1/0/0
#
object-policy ip allpass
 rule 0 pass
#
zone-pair security source Any destination Local
 object-policy apply ip allpass
#
zone-pair security source Inside destination Outside
 object-policy apply ip allpass
#
zone-pair security source Local destination Any
 object-policy apply ip allpass
#
zone-pair security source Outside destination Inside
 object-policy apply ip allpass
#

line vty 0 63
 authentication-mode scheme
 user-role network-admin
 protocol inbound ssh
#
 ip route-static 0.0.0.0 0 101.20.249.17
 ip route-static 192.168.29.0 24 10.0.0.1
#
 ssh server enable
 scp server enable
#
acl basic 2001
 description for_NAT
 rule 100 permit
#
acl advanced 3000
 description for_Server_Access
 rule 3 permit ip destination z.z.z.z 0
 rule 5 permit ip destination 10.0.0.0 0.0.0.255
 rule 101 deny tcp source-port eq 22
 rule 1000 permit ip
#
acl advanced 3001
 rule 3 permit tcp source z.z.z.z 0
 rule 51 deny tcp destination-port eq 22
 rule 100 permit ip
#
local-user admin class manage
 password simple xxxxxxxx
 service-type ssh terminal
 authorization-attribute user-role level-3
 authorization-attribute user-role network-admin

security-policy ip
 rule 0 name allpass-0
  action pass
  source-zone Inside
  destination-zone Outside
 rule 1 name allpass-1
  action pass
  source-zone Outside
  destination-zone Inside
 rule 2 name allpass-2
  action pass
  source-zone Local
 rule 3 name allpass-3
  action pass
  destination-zone Local
#