H3C 防火墙基本配置

防火墙基础配置

# 修改设备名称
sysname KL_HC_JT_FW_01

# 账号密码修改以及服务权限
local-user admin class manage
 password simple KLL!@#2021
 service-type ssh terminal https
 authorization-attribute user-role level-3
 authorization-attribute user-role network-admin
 authorization-attribute user-role network-operator
 password-control login-attempt 10 exceed lock-time 30

# 开启远程ssh，关闭telnet
ssh server enable
undo telnet server enable

# 远程登录身份认证
line vty 0 4
 authentication-mode scheme
 user-role network-admin

# 开启web界面登录
ip https enable
undo ip http enable

# 开启lldp
lldp global enable 

# 配置管理口地址,如果出现故障可以直连管理口登录防火墙
security-zone name Management
import interface GigabitEthernet 1/0/1
quit
# 配置地址
interface GigabitEthernet1/0/11
ip address 192.168.0.1 24
undo shutdown

# 防火墙安全策略配置
# 允许local到所有区域
security-policy ip   # IP策略
 rule 1 name local-any  # 序号1，名称local-any
  action pass           # 动作pass允许通过
  logging enable        # 记录日志
  source-zone Local     # 源安全区域
  destination-zone Any  # 目的安全区域
 rule 2 name trust-untrust  # 序号2
  action pass           # 动作pass允许通过
  logging enable        # 记录日志
  source-zone trust     # 源安全区域
  destination-zone untrust  # 目的安全区域
# 移动安全区域顺序
move rule rule-id before insert-rule-id # 移动安全策略到哪条安全策略之前

# 保存配置
save f