Huawei Eudemon200 Firewall: A Transparent-Mode Configuration Example

Source: Internet  Editor: 程序博客网  Time: 2024/05/02 02:59

<Eudemon>dis cu
#
sysname Eudemon
#
nat alg enable ftp
nat alg enable dns
nat alg enable icmp
nat alg enable netbios
undo nat alg enable h323
undo nat alg enable hwcc
undo nat alg enable ils
undo nat alg enable pptp
undo nat alg enable qq
undo nat alg enable msn
undo nat alg enable user-define
undo nat alg enable rtsp
firewall session aging-time ftp 3000
firewall session aging-time http 3000
firewall permit sub-ip
#
firewall mode transparent                   # set the firewall to transparent mode
#
firewall statistic system enable
#
interface Aux0                            
async mode flow
link-protocol ppp
#
interface Ethernet0/0/0                  # enable interface E0/0/0
undo shutdown
#
interface Ethernet0/0/1                  # enable interface E0/0/1
undo shutdown
#
interface NULL0
#
interface LoopBack0
#
acl number 3001                             # define the inbound policy
rule 5 permit icmp
rule 10 permit tcp destination 192.168.1.2 0 destination-port eq 7000
rule 15 permit tcp destination 192.168.1.2 0 destination-port eq 7001
rule 20 deny ip
acl number 3002                             # define the outbound policy
rule 5 permit icmp
rule 10 permit ip
#
firewall zone local
set priority 100
#                                         
firewall zone trust                        # assign interface e0/0/1 to the trust zone
set priority 85
add interface Ethernet0/0/1
#
firewall zone untrust                       # assign interface e0/0/0 to the untrust zone
set priority 5
add interface Ethernet0/0/0
#
firewall zone dmz
set priority 50
#
firewall interzone local trust
#
firewall interzone local untrust
#
firewall interzone local dmz
#
firewall interzone trust untrust                    # set the traffic policy between the trust and untrust zones
packet-filter 3001 inbound
packet-filter 3002 outbound
#
firewall interzone trust dmz
#                                         
firewall interzone dmz untrust
#
aaa
authentication-scheme default
#
authorization-scheme default
#
accounting-scheme default
#
domain default
#
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
#
return
<Eudemon>
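
An added example, not part of the original post and not Huawei code: a small Python model of how ACL 3001 above decides the fate of a packet when it is applied inbound between the trust and untrust zones. It assumes rules are tried in ascending rule ID with the first match winning, and that inbound means traffic from untrust (priority 5) to trust (priority 85); the function names and sample packets are constructed for illustration, and only the rule forms present in this ACL are parsed.

```python
import ipaddress
import re

# ACL 3001 copied from the configuration above.
ACL_3001 = """
rule 5 permit icmp
rule 10 permit tcp destination 192.168.1.2 0 destination-port eq 7000
rule 15 permit tcp destination 192.168.1.2 0 destination-port eq 7001
rule 20 deny ip
"""

RULE_RE = re.compile(r"rule (?P<id>\d+) (?P<action>permit|deny) (?P<proto>\w+)"
                     r"(?: destination (?P<dst>\S+) (?P<wild>\S+))?"
                     r"(?: destination-port eq (?P<port>\d+))?$")

def ip_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_acl(text):
    """Parse rule lines and order them by rule ID (assumed match order)."""
    rules = []
    for line in text.strip().splitlines():
        m = RULE_RE.match(line.strip())
        if m is None:
            raise ValueError(f"unsupported rule syntax: {line!r}")
        rules.append(m.groupdict())
    return sorted(rules, key=lambda r: int(r["id"]))

def matches(rule, proto, dst, dport):
    if rule["proto"] not in ("ip", proto):
        return False
    if rule["dst"] is not None:
        # Wildcard bits set to 1 are ignored; "0" is short for 0.0.0.0 (one host).
        wild = ip_int("0.0.0.0" if rule["wild"] == "0" else rule["wild"])
        if (ip_int(rule["dst"]) ^ ip_int(dst)) & ~wild & 0xFFFFFFFF:
            return False
    return rule["port"] is None or int(rule["port"]) == dport

def evaluate(rules, proto, dst, dport=None):
    """Return (action, rule_id) for the first matching rule."""
    for rule in rules:
        if matches(rule, proto, dst, dport):
            return rule["action"], int(rule["id"])
    return "no-match", None

if __name__ == "__main__":
    # Constructed sample packets: (protocol, destination, destination port).
    for pkt in [("tcp", "192.168.1.2", 7000), ("tcp", "192.168.1.3", 7000),
                ("icmp", "192.168.1.50", None)]:
        print(pkt, "->", evaluate(parse_acl(ACL_3001), *pkt))
```

The last sample packet shows that rule 5 admits ICMP to every host behind the firewall, not only to 192.168.1.2, which is worth checking against the intended exposure.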

 


Article reposted from http://bbs.net527.cn (无忧网客联盟)
