以前做过的小项目

ludi · 发表于 2010-8-12 16:35:04

MASTER

18:13:24  2010/07/03
#
sysname USG5360
#
web-manager enable
web-manager security enable
#
hrp enable
hrp mirror session enable
hrp interface GigabitEthernet0/0/3
#
firewall packet-filter default permit interzone local trust direction inbound
firewall packet-filter default permit interzone local trust direction outbound
firewall packet-filter default permit interzone local untrust direction inbound
firewall packet-filter default permit interzone local untrust direction outbound
firewall packet-filter default permit interzone local dmz direction inbound
firewall packet-filter default permit interzone local dmz direction outbound
firewall packet-filter default permit interzone local vzone direction inbound
firewall packet-filter default permit interzone local vzone direction outbound
firewall packet-filter default permit interzone trust untrust direction inbound
firewall packet-filter default permit interzone trust untrust direction outbound
firewall packet-filter default permit interzone trust dmz direction inbound
firewall packet-filter default permit interzone trust dmz direction outbound
firewall packet-filter default permit interzone trust vzone direction inbound
firewall packet-filter default permit interzone trust vzone direction outbound
firewall packet-filter default permit interzone dmz untrust direction inbound
firewall packet-filter default permit interzone dmz untrust direction outbound
firewall packet-filter default permit interzone untrust vzone direction inbound
firewall packet-filter default permit interzone untrust vzone direction outbound
firewall packet-filter default permit interzone dmz vzone direction inbound
firewall packet-filter default permit interzone dmz vzone direction outbound
#
nat address-group 1 192.168.2.9 192.168.2.9 vrrp 1
#
firewall statistic system enable
#
interface GigabitEthernet0/0/0
ip address 192.168.2.7 255.255.255.240
vrrp vrid 1 virtual-ip 192.168.2.9 master
hrp track master
#
interface GigabitEthernet0/0/1
ip address 192.168.0.254 255.255.255.0
vrrp vrid 2 virtual-ip 192.168.0.250 master
hrp track master
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
ip address 1.1.1.2 255.255.255.0
vrrp vrid 3 virtual-ip 1.1.1.1 master
hrp track master
#
interface NULL0
#
firewall zone local
set priority 100
#
firewall zone trust
set priority 85
add interface GigabitEthernet0/0/1
#
firewall zone untrust
set priority 5
add interface GigabitEthernet0/0/0
#
firewall zone dmz
set priority 50
add interface GigabitEthernet0/0/3
#
firewall zone vzone
set priority 0
#
nat-policy interzone trust untrust outbound
policy 1
action source-nat
policy source 192.168.0.0 0.0.0.255
address-group 1
#
aaa
local-user admin password cipher ]MQ;4\]B+4Z,YWX*NZ55OA!!
local-user admin service-type web terminal telnet
local-user admin level 3
authentication-scheme default
#
authorization-scheme default
#
accounting-scheme default
#
domain default
#
#
right-manager server-group
#
slb
#
ospf 1
#
ip route-static 0.0.0.0 0.0.0.0 192.168.2.1
#
user-interface con 0
user-interface vty 0 4
authentication-mode aaa
#
return
HRP_M[USG5360]

SLAVE

18:14:07  2010/07/03
#
sysname USG5360
#
web-manager enable
web-manager security enable
#
hrp enable
hrp mirror session enable
hrp interface GigabitEthernet0/0/3
#
firewall packet-filter default permit interzone local trust direction inbound
firewall packet-filter default permit interzone local trust direction outbound
firewall packet-filter default permit interzone local untrust direction inbound
firewall packet-filter default permit interzone local untrust direction outbound
firewall packet-filter default permit interzone local dmz direction inbound
firewall packet-filter default permit interzone local dmz direction outbound
firewall packet-filter default permit interzone local vzone direction inbound
firewall packet-filter default permit interzone local vzone direction outbound
firewall packet-filter default permit interzone trust untrust direction inbound
firewall packet-filter default permit interzone trust untrust direction outbound
firewall packet-filter default permit interzone trust dmz direction inbound
firewall packet-filter default permit interzone trust dmz direction outbound
firewall packet-filter default permit interzone trust vzone direction inbound
firewall packet-filter default permit interzone trust vzone direction outbound
firewall packet-filter default permit interzone dmz untrust direction inbound
firewall packet-filter default permit interzone dmz untrust direction outbound
firewall packet-filter default permit interzone untrust vzone direction inbound
firewall packet-filter default permit interzone untrust vzone direction outbound
firewall packet-filter default permit interzone dmz vzone direction inbound
firewall packet-filter default permit interzone dmz vzone direction outbound
#
nat address-group 1 192.168.2.9 192.168.2.9 vrrp 1
#
firewall statistic system enable
#
interface GigabitEthernet0/0/0
ip address 192.168.2.8 255.255.255.240
vrrp vrid 1 virtual-ip 192.168.2.9 slave
hrp track slave
#
interface GigabitEthernet0/0/1
ip address 192.168.0.253 255.255.255.0
vrrp vrid 2 virtual-ip 192.168.0.250 slave
hrp track slave
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
ip address 1.1.1.3 255.255.255.0
vrrp vrid 3 virtual-ip 1.1.1.1 slave
hrp track slave
#
interface NULL0
#
firewall zone local
set priority 100
#
firewall zone trust
set priority 85
add interface GigabitEthernet0/0/1
#
firewall zone untrust
set priority 5
add interface GigabitEthernet0/0/0
#
firewall zone dmz
set priority 50
add interface GigabitEthernet0/0/3
#
firewall zone vzone
set priority 0
#
nat-policy interzone trust untrust outbound
policy 1
action source-nat
policy source 192.168.0.0 0.0.0.255
address-group 1
#
aaa
local-user admin password cipher ]MQ;4\]B+4Z,YWX*NZ55OA!!
local-user admin service-type web terminal telnet
local-user admin level 3
authentication-scheme default
#
authorization-scheme default
#
accounting-scheme default
#
domain default
#
#
right-manager server-group
#
slb
#
ip route-static 0.0.0.0 0.0.0.0 192.168.2.1
#
user-interface con 0
user-interface vty 0 4
authentication-mode aaa
#
return

思考的牛 · 发表于 2010-8-12 22:49:37

感谢分享！

zzqs0123 · 发表于 2010-9-18 07:45:47

来看看有什么热闹的?嘻嘻

sweet887 · 发表于 2011-7-13 15:33:26

看看

渝狼 · 发表于 2011-7-15 12:57:06

回复 1# ludi

非常谢谢分享

contrl · 发表于 2011-8-23 10:16:35

看了不错这个自己实践一遍就记住了

我是新手 · 发表于 2011-8-23 15:52:55

人人为我，那会使人堕入地狱，
我为人人，就是人间天使！

hf421521 · 发表于 2011-9-27 16:36:29

灰常感谢，了解了解

gzhq · 发表于 2011-11-3 12:47:37

have a look

unssey · 发表于 2011-11-26 14:26:06

那些代码没看懂·～！

		自动登录	找回密码
密码			注册通行证

以前做过的小项目

本帖子中包含更多资源

评分