华为USG5500防火墙配置实验一

华为USG5500防火墙配置实验1、实验拓扑内网：192.168.0.0/24外网：192.168.1.0/24其他设备地址规划如图，按照拓扑图搭建网络，并配置设备地址2、具体配置命令AR1Huaweisystem-view[Huawei]sysnameAR1[AR1]interfaceg0/0/0[AR1-GigabitEthernet0/0/0]ipaddress192.168.0.15024[AR1-GigabitEthernet0/0/0]quit退出[AR1]iproute-static0.0.0.00.0.0.0192.168.0.1配置默认路由AR1开启Telnet服务[AR1]user-interfacevty04开启远程线程[AR1-ui-vty0-4]au[AR1-ui-vty0-4]authentication-modepassword认证方式为passwordPleaseconfiguretheloginpassword(maximumlength16):888登录密码[AR1-ui-vty0-4]userprivilegelevel3设置用户等级[AR1-ui-vty0-4]AR2Huaweisystem-view[Huawei]sysnameAR2[AR2]interfaceg0/0/0[AR2-GigabitEthernet0/0/0]ipadd[AR2-GigabitEthernet0/0/0]ipaddress192.168.1.15024[AR2-GigabitEthernet0/0/0]q[AR1]iproute-static0.0.0.00.0.0.0192.168.1.1AR2配置TelnetAR2]us[AR2]user-interfacev[AR2]user-interfacevty04[AR2-ui-vty0-4]au[AR2-ui-vty0-4]authentication-modep[AR2-ui-vty0-4]authentication-modepasswordPleaseconfiguretheloginpassword(maximumlength16):666或者[AR2-ui-vty0-4]setauthenticationpasswordcipher666[AR2-ui-vty0-4]userprivilegelevel3[AR2-ui-vty0-4]q防火墙配置：Thedeviceisrunning!SRGsystem-view[SRG]sysnameFW1[FW1]interfaceg0/0/0[FW1-GigabitEthernet0/0/0]ipadd192.168.0.124Warning:Addressalreadyexists!默认接口地址已经存在，不用管[FW1-GigabitEthernet0/0/0]q[FW1]interfaceg0/0/1[FW1-GigabitEthernet0/0/1]ipadd192.168.1.124[FW1-GigabitEthernet0/0/1]q[FW1]displayzone显示区域配置localpriorityis100#trustpriorityis85interfaceofthezoneis(1):GigabitEthernet0/0/0#untrustpriorityis5interfaceofthezoneis(0):#dmzpriorityis50interfaceofthezoneis(0):#[FW1][FW1]firewallzonenameoutside创建一个名字为outside的区域[FW1-zone-outside]setpriority30设置安全等级为30[FW1-zone-outside]q[FW1]firewallzonenameinside[FW1-zone-inside]setpriority90[FW1-zone-inside]q[FW1]displayzone[FW1]firewallzoneoutside进入outside区域，把接口g0/0/1接入该区域[FW1-zone-outside]addinterfaceGigabitEthernet0/0/1[FW1-zone-outside]displaythis显示当前的配置#firewallzonenameoutsidesetpriority30addinterfaceGigabitEthernet0/0/1#return[FW1-zone-outside]q[FW1]displaypolicyall查看策略policyzonelocal#policyzonetrust#policyzoneuntrust#policyzonedmz#policyzoneoutside#policyzoneinside#policyinterzonelocaltrustinboundfirewalldefaultpacket-filterispermit#policyinterzonelocaltrustoutboundfirewalldefaultpacket-filterispermit#policyinterzonelocaluntrustinboundfirewalldefaultpacket-filterisdeny#policyinterzonelocaluntrustoutboundfirewalldefaultpacket-filterispermit#policyinterzonelocaldmzinboundfirewalldefaultpacket-filterisdeny#policyinterzonelocaldmzoutboundfirewalldefaultpacket-filterispermit#policyinterzonelocaloutsideinboundfirewalldefaultpacket-filterisdeny#policyinterzonelocaloutsideoutboundfirewalldefaultpacket-filterispermit#policyinterzonelocalinsideinboundfirewalldefaultpacket-filterisdeny#policyinterzonelocalinsideoutboundfirewalldefaultpacket-filterispermit#policyinterzonetrustuntrustinboundfirewalldefaultpacket-filterisdeny#policyinterzonetrustuntrustoutboundfirewalldefaultpacket-filterisdeny#policyinterzonetrustdmzinboundfirewalldefaultpacket-filterisdeny#policyinterzonetrustdmzoutboundfirewalldefaultpacket-filterisdeny#policyinterzonetrustoutsideinboundfirewalldefaultpacket-filterisdeny#policyinterzonetrustoutsideoutboundfirewalldefaultpacket-filterisdeny#policyinterzoneinsidetrustinboundfirewalldefaultpacket-filterisdeny#policyinterzoneinsidetrustoutboundfirewalldefaultpacket-filterisdeny#policyinterzonedmzuntrustinboundfirewalldefaultpacket-filterisdeny#policyinterzonedmzuntrustoutboundfirewalldefaultpacket-filterisdeny#policyinterzoneoutsideuntrustinboundfirewalldefaultpacket-filterisdeny#policyinterzoneoutsideuntrustoutboundfirewalldefaultpacket-filterisdeny#policyinterzoneinsideuntrustinboundfirewalldefaultpacket-filterisdeny#policyinterzoneinsideuntrustoutboundfirewalldefaultpacket-filterisdeny#policyinterzonedmzoutsideinboundfirewalldefaultpacket-filterisdeny#policyinterzonedmzoutsideoutboundfirewalldefaultpacket-filterisdeny#policyinterzoneinsidedmzinboundfirewalldefaultpacket-filterisdeny#policyinterzoneinsidedmzoutboundfirewalldefaultpacket-filterisdeny#policyinterzoneinsideoutsideinboundfirewalldefaultpacket-filterisdeny#policyinterzoneinsideoutsideoutboundfirewalldefaultpacket-filterisdeny#[FW1]创建策略放行outbound流量[FW1]policyinterzonetrustoutsideoutbound定义outbound流量[FW1-policy-interzone-trust-outside-outbound]poli[FW1-policy-interzone-trust-outside-outbound]policy1[FW1-policy-interzone-trust-outside-outbound-1]poli[FW1-policy-interzone-trust-outside-outbound-1]policyso[FW1-policy-interzone-trust-outside-outbound-1]policysource192.168.0.150001:27:132016/11/15[FW1-policy-interzone-trust-outside-outbound-1]poli[FW1-policy-interzone-trust-outside-outbound-1]policyde[FW1-policy-interzone-trust-outside-outbound-1]policydestinationany01:27:252016/11/15[FW1-policy-interzone-trust-outside-outbound-1]ac[FW1-policy-interzone-trust-outside-outbound-1]actionp[FW1-policy-interzone-trust-outside-outbound-1]actionpermit01:27:342016/11/15[FW1-policy-interzone-trust-outside-outbound-1][FW1-policy-interzone-trust-outside-outbound-1]q01:27:372016/11/15[FW1-policy-interzone-trus