System Integration Forum

Title: A small project I did a while back

Author: ludi    Time: 2010-8-12 16:35
Title: A small project I did a while back

MASTER


18:13:24  2010/07/03
#
sysname USG5360
#
web-manager enable
web-manager security enable
#
hrp enable
hrp mirror session enable
hrp interface GigabitEthernet0/0/3
#
firewall packet-filter default permit interzone local trust direction inbound
firewall packet-filter default permit interzone local trust direction outbound
firewall packet-filter default permit interzone local untrust direction inbound
firewall packet-filter default permit interzone local untrust direction outbound
firewall packet-filter default permit interzone local dmz direction inbound
firewall packet-filter default permit interzone local dmz direction outbound
firewall packet-filter default permit interzone local vzone direction inbound
firewall packet-filter default permit interzone local vzone direction outbound
firewall packet-filter default permit interzone trust untrust direction inbound
firewall packet-filter default permit interzone trust untrust direction outbound
firewall packet-filter default permit interzone trust dmz direction inbound
firewall packet-filter default permit interzone trust dmz direction outbound
firewall packet-filter default permit interzone trust vzone direction inbound
firewall packet-filter default permit interzone trust vzone direction outbound
firewall packet-filter default permit interzone dmz untrust direction inbound
firewall packet-filter default permit interzone dmz untrust direction outbound
firewall packet-filter default permit interzone untrust vzone direction inbound
firewall packet-filter default permit interzone untrust vzone direction outbound
firewall packet-filter default permit interzone dmz vzone direction inbound
firewall packet-filter default permit interzone dmz vzone direction outbound
#
nat address-group 1 192.168.2.9 192.168.2.9 vrrp 1
#
firewall statistic system enable
#
interface GigabitEthernet0/0/0
ip address 192.168.2.7 255.255.255.240
vrrp vrid 1 virtual-ip 192.168.2.9 master
hrp track master
#
interface GigabitEthernet0/0/1
ip address 192.168.0.254 255.255.255.0
vrrp vrid 2 virtual-ip 192.168.0.250 master
hrp track master
#
interface GigabitEthernet0/0/2
#                                         
interface GigabitEthernet0/0/3
ip address 1.1.1.2 255.255.255.0
vrrp vrid 3 virtual-ip 1.1.1.1 master
hrp track master
#
interface NULL0
#
firewall zone local
set priority 100
#
firewall zone trust
set priority 85
add interface GigabitEthernet0/0/1
#
firewall zone untrust
set priority 5
add interface GigabitEthernet0/0/0
#
firewall zone dmz
set priority 50
add interface GigabitEthernet0/0/3
#                                         
firewall zone vzone
set priority 0
#
nat-policy interzone trust untrust outbound
policy 1
action source-nat
policy source 192.168.0.0 0.0.0.255
address-group 1
#
aaa
local-user admin password cipher ]MQ;4\]B+4Z,YWX*NZ55OA!!
local-user admin service-type web terminal telnet
local-user admin level 3
authentication-scheme default
#
authorization-scheme default
#
accounting-scheme default
#
domain default
#
#
right-manager server-group               
#
slb
#
ospf 1
#
ip route-static 0.0.0.0 0.0.0.0 192.168.2.1
#
user-interface con 0
user-interface vty 0 4
authentication-mode aaa
#
return
HRP_M[USG5360]









SLAVE



18:14:07  2010/07/03
#
sysname USG5360
#
web-manager enable
web-manager security enable
#
hrp enable
hrp mirror session enable
hrp interface GigabitEthernet0/0/3
#
firewall packet-filter default permit interzone local trust direction inbound
firewall packet-filter default permit interzone local trust direction outbound
firewall packet-filter default permit interzone local untrust direction inbound
firewall packet-filter default permit interzone local untrust direction outbound
firewall packet-filter default permit interzone local dmz direction inbound
firewall packet-filter default permit interzone local dmz direction outbound
firewall packet-filter default permit interzone local vzone direction inbound
firewall packet-filter default permit interzone local vzone direction outbound
firewall packet-filter default permit interzone trust untrust direction inbound
firewall packet-filter default permit interzone trust untrust direction outbound
firewall packet-filter default permit interzone trust dmz direction inbound
firewall packet-filter default permit interzone trust dmz direction outbound
firewall packet-filter default permit interzone trust vzone direction inbound
firewall packet-filter default permit interzone trust vzone direction outbound
firewall packet-filter default permit interzone dmz untrust direction inbound
firewall packet-filter default permit interzone dmz untrust direction outbound
firewall packet-filter default permit interzone untrust vzone direction inbound
firewall packet-filter default permit interzone untrust vzone direction outbound
firewall packet-filter default permit interzone dmz vzone direction inbound
firewall packet-filter default permit interzone dmz vzone direction outbound
#
nat address-group 1 192.168.2.9 192.168.2.9 vrrp 1
#
firewall statistic system enable
#
interface GigabitEthernet0/0/0
ip address 192.168.2.8 255.255.255.240
vrrp vrid 1 virtual-ip 192.168.2.9 slave
hrp track slave
#
interface GigabitEthernet0/0/1
ip address 192.168.0.253 255.255.255.0
vrrp vrid 2 virtual-ip 192.168.0.250 slave
hrp track slave
#
interface GigabitEthernet0/0/2
#                                         
interface GigabitEthernet0/0/3
ip address 1.1.1.3 255.255.255.0
vrrp vrid 3 virtual-ip 1.1.1.1 slave
hrp track slave
#
interface NULL0
#
firewall zone local
set priority 100
#
firewall zone trust
set priority 85
add interface GigabitEthernet0/0/1
#
firewall zone untrust
set priority 5
add interface GigabitEthernet0/0/0
#
firewall zone dmz
set priority 50
add interface GigabitEthernet0/0/3
#                                         
firewall zone vzone
set priority 0
#
nat-policy interzone trust untrust outbound
policy 1
action source-nat
policy source 192.168.0.0 0.0.0.255
address-group 1
#
aaa
local-user admin password cipher ]MQ;4\]B+4Z,YWX*NZ55OA!!
local-user admin service-type web terminal telnet
local-user admin level 3
authentication-scheme default
#
authorization-scheme default
#
accounting-scheme default
#
domain default
#
#
right-manager server-group               
#
slb
#
ip route-static 0.0.0.0 0.0.0.0 192.168.2.1
#
user-interface con 0
user-interface vty 0 4
authentication-mode aaa
#
return
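
An audit sketch for configurations like the two above, added here as an example and not part of the original post: it flags every interzone pair whose default packet-filter action is `permit` and every local user allowed to log in over telnet. The function name, the severity labels and the embedded sample (a few lines excerpted from the MASTER configuration) are assumptions of this example.

```python
import re

# Constructed sample: a few lines excerpted from the MASTER configuration above.
SAMPLE_CONFIG = """\
firewall packet-filter default permit interzone local untrust direction inbound
firewall packet-filter default permit interzone trust untrust direction inbound
firewall packet-filter default permit interzone trust dmz direction inbound
firewall packet-filter default permit interzone dmz untrust direction outbound
aaa
local-user admin service-type web terminal telnet
local-user admin level 3
"""

DEFAULT_PERMIT = re.compile(
    r"^firewall packet-filter default permit interzone (\S+) (\S+) "
    r"direction (inbound|outbound)$")
LOCAL_USER_SERVICE = re.compile(r"^local-user (\S+) service-type (.+)$")


def audit_config(text):
    """Return a sorted list of (severity, message) findings for a config dump."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()  # the dump pads some lines with trailing spaces
        m = DEFAULT_PERMIT.match(line)
        if m:
            zone_a, zone_b, direction = m.groups()
            # Assumed severity scale: pairs touching untrust rank highest,
            # because unmatched traffic to or from that zone is let through.
            severity = "HIGH" if "untrust" in (zone_a, zone_b) else "MEDIUM"
            findings.append(
                (severity, f"default permit {zone_a}<->{zone_b} {direction}"))
            continue
        m = LOCAL_USER_SERVICE.match(line)
        if m and "telnet" in m.group(2).split():
            # Telnet carries the login and the session in cleartext.
            findings.append(
                ("HIGH", f"local-user {m.group(1)} may log in over telnet"))
    return sorted(findings)


if __name__ == "__main__":
    for severity, message in audit_config(SAMPLE_CONFIG):
        print(f"{severity:6} {message}")
```
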
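Author: 思考的牛    Time: 2010-8-12 22:49
Thanks for sharing!
Author: zzqs0123    Time: 2010-9-18 07:45
Just dropping by to see what's going on. Hehe
Author: sweet887    Time: 2011-7-13 15:33
Taking a look
Author: 渝狼    Time: 2011-7-15 12:57
Reply to 1# ludi


   Thank you very much for sharing
Author: contrl    Time: 2011-8-23 10:16
Read it, not bad. Work through this once yourself and you'll remember it.
Author: 我是新手    Time: 2011-8-23 15:52
Everyone for me: that leads people into hell.
Me for everyone: that is an angel on earth!
Author: hf421521    Time: 2011-9-27 16:36
Thanks a lot, just getting to know this
Author: gzhq    Time: 2011-11-3 12:47
have a look
Author: unssey    Time: 2011-11-26 14:26
I didn't understand that code~!
Author: unssey    Time: 2011-11-26 14:26
Didn't understand~~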




Welcome to System Integration Forum (http://bbs.xtjc.com/) Powered by Discuz! X3.1