华为eNSP配置USG防火墙网络联通实验

时间:2024-10-13 16:47:54

1、一、搭建拓扑结构防火墙三台路由器两台

华为eNSP配置USG防火墙网络联通实验

2、二、配置所有设备的接口信息[R1]int g0/0/0[R1-GigabitEthernet0/0/0]ip add 10.0.10.2 24[R1-GigabitEthernet0/0/0]int s3/0/0[R1-Serial3/0/0]ip add 10.0.12.1 24[R1-Serial3/0/0]int loop 0[R1-LoopBack0]ip add 10.0.1.1 24R2]int g0/0/0[R2-GigabitEthernet0/0/0]ip add 10.0.20.1 24 [R2-GigabitEthernet0/0/0]int s3/0/0[R2-Serial3/0/0]ip add 10.0.12.2 24[R2-Serial3/0/0]int s4/0/0[R2-Serial4/0/0]ip add 10.0.23.2 24[R2-Serial4/0/0]int loop 0[R2-LoopBack0]ip add 10.0.2.2 24[R3]int s4/0/0[R3-Serial4/0/0]ip add 10.0.23.3 24[R3-Serial4/0/0]Aug 14 2017 15:00:53-08:00 R3 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol PPP IPCP on the interface Serial4/0/0 has entered the UP state. [R3-Serial4/0/0]int loop 0[R3-LoopBack0]ip add 10.0.3.3 24

华为eNSP配置USG防火墙网络联通实验华为eNSP配置USG防火墙网络联通实验

3、三、查看当前网络的连通性[FW1-policy-security-rule-policy_sec_2]ping 10.0.20.2 PING 10.0.20.2: 56 data bytes, press CTRL_C to break Request time out Request time out Request time out Request time out Request time out[FW1]ping 10.0.12.1 PING 10.0.12.1: 56 data bytes, press CTRL_C to break Request time out Request time out Request time out Request time out Request time out

华为eNSP配置USG防火墙网络联通实验

4、四、配置防火墙的包策略过滤行为security-policyrule name policy_sec_1 source-zone trust destination-zone untrust action permitrule name policy_sec_2 source-zone local source-zone untrust destination-zone local destination-zone untrust action permit

华为eNSP配置USG防火墙网络联通实验华为eNSP配置USG防火墙网络联通实验

5、五、配置OSPF协议保证网络的连通性先从R1到R3再配置FW1、FW2[R1]ospf 1 [R1-ospf-1]area 0.0.0.0 [R1-ospf-1-are锾攒揉敫a-0.0.0.0]network 10.0.10.0 0.0.0.255 [R1-ospf-1-area-0.0.0.0]network 10.0.12.0 0.0.0.255 [R2]ospf 1 [R2-ospf-1]area 0.0.0.0 [R2-ospf-1-area-0.0.0.0]network 10.0.23.0 0.0.0.255 [R2-ospf-1-area-0.0.0.0]network 10.0.12.0 0.0.0.255 [R2-ospf-1-area-0.0.0.0]network 10.0.20.0 0.0.0.255 [R3]ospf 1 [R3-ospf-1]area 0.0.0.0 [R3-ospf-1-area-0.0.0.0]network 10.0.23.0 0.0.0.255 [FW1]ospf 1 [FW1-ospf-1]area 0.0.0.0 [FW1-ospf-1-area-0.0.0.0]network 10.0.10.0 0.0.0.255 [FW2]ospf 1 [FW2-ospf-1]area 0.0.0.0 [FW2-ospf-1-area-0.0.0.0]network 10.0.20.0 0.0.0.255

华为eNSP配置USG防火墙网络联通实验华为eNSP配置USG防火墙网络联通实验

6、六、查看当前各个设备的路由表,并开启防火墙端口的ping功能[FW1]dis ip rouRoute Flags: R - relay, D - download to fib------------------------------------------------------------------------------Routing Tables: Public Destinations : 7 Routes : 7Destination/Mask Proto Pre Cost Flags NextHop Interface 10.0.10.0/24 Direct 0 0 D 10.0.10.1 GigabitEthernet1/0/0 10.0.10.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet1/0/0 10.0.12.0/24 OSPF 10 49 D 10.0.10.2 GigabitEthernet1/0/0 10.0.20.0/24 OSPF 10 50 D 10.0.10.2 GigabitEthernet1/0/0 10.0.23.0/24 OSPF 10 97 D 10.0.10.2 GigabitEthernet1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0开启ping功能service-manager ping enable

华为eNSP配置USG防火墙网络联通实验华为eNSP配置USG防火墙网络联通实验华为eNSP配置USG防火墙网络联通实验

7、七、测试网络的连通性[FW1]ping 10.0.20.2 PING 10.0.20.2: 56 data bytes, press CTRL_C to break Reply from 10.0.20.2: bytes=56 Sequence=1 ttl=253 time=23 ms Reply from 10.0.20.2: bytes=56 Sequence=2 ttl=253 time=21 ms Reply from 10.0.20.2: bytes=56 Sequence=3 ttl=253 time=15 ms Reply from 10.0.20.2: bytes=56 Sequence=4 ttl=253 time=21 ms Reply from 10.0.20.2: bytes=56 Sequence=5 ttl=253 time=20 ms --- 10.0.20.2 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 15/20/23 ms

华为eNSP配置USG防火墙网络联通实验华为eNSP配置USG防火墙网络联通实验
© 2025 一点知道
信息来自网络 所有数据仅供参考
有疑问请联系站长 site.kefu@gmail.com