System Integration Forum

The Most Complete Eudemon100 Firewall Configuration Ever

Posted on 2011-1-10 14:47:38
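The most complete Eudemon100 firewall configuration ever: it combines Internet access time control, P2P control, IP & MAC address binding, L2TP VPN and more in one. I hope it is helpful to everyone.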
sysname *****
#
super password level 1 simple ****
super password level 3 simple ****
#
service modem-callback
#
web-manager enable
web-manager security enable
#
l2tp enable
#
firewall packet-filter default permit interzone local trust direction inbound
firewall packet-filter default permit interzone local trust direction outbound
firewall packet-filter default permit interzone local untrust direction inbound
firewall packet-filter default permit interzone local untrust direction outbound
firewall packet-filter default permit interzone local dmz direction inbound
firewall packet-filter default permit interzone local dmz direction outbound
firewall packet-filter default permit interzone trust untrust direction inbound
firewall packet-filter default permit interzone trust untrust direction outbound
firewall packet-filter default permit interzone trust dmz direction inbound
firewall packet-filter default permit interzone trust dmz direction outbound
firewall packet-filter default permit interzone dmz untrust direction inbound
firewall packet-filter default permit interzone dmz untrust direction outbound
#
nat address-group 0 *.*.*.* *.*.*.*
nat alg enable esp
nat alg enable ftp
nat alg enable dns
nat alg enable icmp
nat alg enable netbios
undo nat alg enable h323
undo nat alg enable hwcc
undo nat alg enable ils
undo nat alg enable pptp
undo nat alg enable qq
undo nat alg enable msn
undo nat alg enable user-define
undo nat alg enable sip
undo nat alg enable mgcp
undo nat alg enable mms
undo nat alg enable sqlnet
undo nat alg enable rtsp
firewall permit sub-ip
#
dhcp server forbidden-ip 192.168.1.1
dhcp enable
#
firewall statistic system enable
#
qos policy 1
#
interface Aux0
async mode flow
link-protocol ppp
#
interface Ethernet0/0/0
ip address *.*.*.* *.*.*.*
#
interface Ethernet0/0/1
#
interface Ethernet0/0/2
ip address 192.168.2.2 255.255.255.0
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
ip address 192.168.1.1 255.255.255.0
#
interface Virtual-Template0
ppp authentication-mode chap
ip address 10.10.10.1 255.255.255.0
remote address pool 1
#
interface Virtual-Template1
ppp authentication-mode chap
remote address pool 1
#
interface Secp0/0/0
#
interface NULL0
#
right-manager server-group
#
ip port-set a protocol udp
#
acl number 2001
rule 5 permit
acl number 2002
rule 5 permit source 0.0.0.0 255.255.255.0
#
acl number 3000
rule 5 permit ip
#
firewall zone local
set priority 100
#
firewall zone trust
set priority 85
add interface Ethernet0/0/3
add interface Ethernet0/0/4
#
firewall zone untrust
set priority 5
add interface Ethernet0/0/0
add interface Virtual-Template0
#
firewall zone dmz
set priority 50
#
firewall interzone local trust
packet-filter 3001 inbound
packet-filter 3001 outbound
#
firewall interzone local untrust
p2p-car 2001 class 0 inbound
p2p-detect enable
p2p-detect mode default
p2p-detect mode behavior
#
firewall interzone local dmz
#
firewall interzone trust untrust
packet-filter 3001 inbound
packet-filter 3001 outbound
nat outbound 2001 address-group 0
p2p-car 2001 class 0 inbound
p2p-detect enable
p2p-detect mode default
p2p-detect mode behavior
#
firewall interzone trust dmz
#
firewall interzone dmz untrust
#
l2tp-group 1
mandatory-lcp
undo tunnel authentication
allow l2tp virtual-template 0
tunnel name gzlm
#
aaa
local-user **** password simple *****
local-user **** service-type ppp web_auth web bind terminal telnet auth ssh
local-user **** level 3
local-user **** password simple *****
local-user **** service-type ppp web_auth web bind terminal telnet auth ssh
local-user **** level 3
local-user **** password simple *****
local-user **** service-type ppp web_auth web bind terminal telnet auth ssh
local-user **** level 3
local-user t**** password simple *****
local-user **** service-type ppp
local-user **** password simple ******
local-user **** service-type ppp web_auth web bind terminal telnet auth ssh
local-user **** level 3
local-user **** password simple ******
local-user **** service-type web
local-user **** level 3
local-user **** password simple *****
local-user **** service-type ppp web_auth web bind terminal telnet auth ssh
local-user **** level 3
local-user **** password simple ******
local-user ***** service-type ppp web_auth web bind terminal telnet auth ssh
local-user **** level 3
ip pool 1 10.10.10.11 10.10.10.111
#
authentication-scheme default
#
authorization-scheme default
#
accounting-scheme default
#
domain default
#
#
slb
#
p2p-class 0
cir default 50
cir 50 index 1 time-range work-time
#
p2p-class 2
cir 0 index 2 time-range work-time
#
#
ip route-static 0.0.0.0 0.0.0.0 *.*.*.*
#
acl accelerate enable
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
lock authentication-count 5
set authentication password simple ******
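
An added example, not part of the original post: a small Python audit pass over the configuration syntax posted above. It flags passwords stored with `simple`, `default permit` inter-zone rules, `undo tunnel authentication` in the L2TP group, telnet among a local user's service types, and ACL numbers that are applied but never defined (the post applies `packet-filter 3001` while only ACLs 2001, 2002 and 3000 are defined). The `audit` function and the finding ids are names assumed for this example; the sample is an excerpt of the posted lines.

```python
import re

# Excerpt of the configuration posted above (masked values kept as posted).
SAMPLE = """\
super password level 3 simple ****
firewall packet-filter default permit interzone trust untrust direction inbound
firewall packet-filter default permit interzone trust untrust direction outbound
acl number 2001
acl number 3000
firewall interzone trust untrust
packet-filter 3001 inbound
packet-filter 3001 outbound
nat outbound 2001 address-group 0
l2tp-group 1
undo tunnel authentication
aaa
local-user **** password simple *****
local-user **** service-type ppp web_auth web bind terminal telnet auth ssh
user-interface vty 0 4
set authentication password simple ******
"""

# (finding id, pattern) pairs; the ids are names chosen for this example.
LINE_CHECKS = [
    ("cleartext-password", re.compile(r"\bpassword (?:level \d+ )?simple\b")),
    ("default-permit", re.compile(r"^firewall packet-filter default permit\b")),
    ("l2tp-tunnel-auth-off", re.compile(r"^undo tunnel authentication$")),
    ("telnet-allowed", re.compile(r"^local-user\b.*\bservice-type\b.*\btelnet\b")),
]
ACL_DEF = re.compile(r"^acl number (\d+)$")
ACL_REF = re.compile(r"^(?:packet-filter|p2p-car|nat outbound) (\d+)\b")

def audit(config: str):
    """Return (line_no, finding_id, line) tuples for the posted syntax."""
    lines = [l.strip() for l in config.splitlines()]
    defined = {m.group(1) for l in lines if (m := ACL_DEF.match(l))}
    findings = []
    for no, line in enumerate(lines, 1):
        for fid, pat in LINE_CHECKS:
            if pat.search(line):
                findings.append((no, fid, line))
        ref = ACL_REF.match(line)
        if ref and ref.group(1) not in defined:
            findings.append((no, "undefined-acl-" + ref.group(1), line))
    return findings

if __name__ == "__main__":
    for no, fid, line in audit(SAMPLE):
        print(f"{no:3d}  {fid:22s} {line}")
```
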

Posted on 2011-1-10 19:21:56
It's about the same as setting up Cisco devices; it's all command line, just with different commands.