System Integration Forum

Title: Web example: service interfaces working at Layer 3, upstream and downstream connected to switches, active

Author: 胡振宇    Time: 2015-11-26 14:38
#
hrp enable
hrp interface GigabitEthernet 1/0/7
#
interface GigabitEthernet 1/0/1
 ip address 10.2.0.1 255.255.255.0
 vrrp vrid 1 virtual-ip 1.1.1.1 255.255.255.0 active
#
interface GigabitEthernet 1/0/3
 ip address 10.3.0.1 255.255.255.0
 vrrp vrid 2 virtual-ip 10.3.0.3 active
#
interface GigabitEthernet 1/0/7
 ip address 10.10.0.1 255.255.255.0
#
firewall zone trust
 set priority 85
 add interface GigabitEthernet 1/0/3
#
firewall zone untrust
 set priority 5
 add interface GigabitEthernet 1/0/1
#
firewall zone dmz
 set priority 50
 add interface GigabitEthernet 1/0/7
#
ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet1/0/1 1.1.1.2
#
nat address-group 1
 section 0 1.1.1.1 1.1.1.1
#
security-policy
 rule name policy_sec
  source-zone trust
  destination-zone untrust
  action permit
#
nat-policy
 rule name policy_nat
  source-zone trust
  destination-zone untrust
  action nat address-group 1
#
hrp enable
hrp standby-device
hrp interface GigabitEthernet 1/0/7
#
interface GigabitEthernet 1/0/1
 ip address 10.2.0.2 255.255.255.0
 vrrp vrid 1 virtual-ip 1.1.1.1 255.255.255.0 standby
#
interface GigabitEthernet 1/0/3
 ip address 10.3.0.2 255.255.255.0
 vrrp vrid 2 virtual-ip 10.3.0.3 standby
#
interface GigabitEthernet 1/0/7
 ip address 10.10.0.2 255.255.255.0
#
firewall zone trust
 set priority 85
 add interface GigabitEthernet 1/0/3
#
firewall zone untrust
 set priority 5
 add interface GigabitEthernet 1/0/1
#
firewall zone dmz
 set priority 50
 add interface GigabitEthernet1/0/7
#
ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet1/0/1 1.1.1.2
#
nat address-group 1
 section 0 1.1.1.1 1.1.1.1
#
security-policy
 rule name policy_sec
  source-zone trust
  destination-zone untrust
  action permit
#
nat-policy
 rule name policy_nat
  source-zone trust
  destination-zone untrust
  action nat address-group 1
HUAWEI USG6000 Series & NGFW Module
Typical Configuration Examples 4 Reliability Deployment
Document version 04 (2015-07-30) Huawei Proprietary and Confidential
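
A consistency check for the two configurations above, as an added example that is not part of the original post or of Huawei's documentation: it verifies that each VRRP group has the same virtual IP on both devices with role active on one and standby on the other, and that every other section except the hrp lines matches. The sample text is constructed (abbreviated from the post), and `parse` and `check_pair` are hypothetical helper names.

```python
import re

# Constructed sample, abbreviated from the first (active) configuration in the post.
FW_ACTIVE = """#
interface GigabitEthernet 1/0/1
 ip address 10.2.0.1 255.255.255.0
 vrrp vrid 1 virtual-ip 1.1.1.1 255.255.255.0 active
#
interface GigabitEthernet 1/0/3
 ip address 10.3.0.1 255.255.255.0
 vrrp vrid 2 virtual-ip 10.3.0.3 active
#
security-policy
 rule name policy_sec
  source-zone trust
  destination-zone untrust
  action permit
"""
# Standby peer: own interface addresses (.0.2), VRRP role "standby", same policy.
FW_STANDBY = FW_ACTIVE.replace(" active", " standby").replace(".0.1 255", ".0.2 255")
VRRP = re.compile(r"vrrp vrid (\d+) virtual-ip (\S+)(?: (\S+))? (active|standby)$")

def parse(cfg):
    """Hypothetical helper: {section header: [body lines]}, split on '#' lines."""
    cfg = re.sub(r"GigabitEthernet[ \t]*", "GigabitEthernet ", cfg)  # 1/0/7 vs " 1/0/7"
    out = {}
    for block in re.split(r"^#[ \t]*$", cfg, flags=re.M):
        lines = [" ".join(l.split()) for l in block.splitlines() if l.strip()]
        if lines:
            out[lines[0]] = lines[1:]
    return out

def check_pair(active_cfg, standby_cfg):
    """Hypothetical helper: list differences that matter for an active/standby pair."""
    a, b = parse(active_cfg), parse(standby_cfg)
    issues = []
    for head in sorted(set(a) | set(b)):
        la, lb = a.get(head, []), b.get(head, [])
        if head.startswith("interface "):  # IPs differ per device; compare VRRP only
            va, vb = ({m[1]: m.groups()[1:] for m in map(VRRP.match, x) if m} for x in (la, lb))
            for vrid in sorted(set(va) | set(vb)):
                x, y = va.get(vrid), vb.get(vrid)
                if not x or not y or x[:2] != y[:2]:
                    issues.append(f"{head}: vrid {vrid} virtual IP mismatch")
                elif (x[2], y[2]) != ("active", "standby"):
                    issues.append(f"{head}: vrid {vrid} roles {x[2]}/{y[2]}")
        elif la != lb and not head.startswith("hrp"):  # hrp lines differ per device
            issues.append(f"{head}: differs between peers")
    return issues
```

An empty list from `check_pair(FW_ACTIVE, FW_STANDBY)` means the pair is consistent; a policy or NAT section that differs between the peers shows up as a named entry.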




