Firewall Login Methods

1. Logging in via Telnet
[USG6000V1]telnet server enable //enable the Telnet service on the device
[USG6000V1-GigabitEthernet1/0/1]ip add 10.1.2.1 24
Configure access control on the interface
[USG6000V1-GigabitEthernet1/0/1]service-manage enable
[USG6000V1-GigabitEthernet1/0/1]service-manage telnet permit
Add the interface to a security zone
[USG6000V1]firewall zone trust
[USG6000V1-zone-trust]add interface GigabitEthernet 1/0/1
Set the VTY administrator authentication mode to AAA
[USG6000V1]user-interface vty 0 4
[USG6000V1-ui-vty0-4]authentication-mode aaa
[USG6000V1-ui-vty0-4]protocol inbound telnet
[USG6000V1-ui-vty0-4]user privilege level 3
Configure the Telnet administrator
[USG6000V1]aaa
[USG6000V1-aaa]manager-user telnetuser
[USG6000V1-aaa-manager-user-telnetuser]password cipher 12345678
[USG6000V1-aaa-manager-user-telnetuser]service-type telnet
[USG6000V1-aaa-manager-user-telnetuser]level 3
Bind a role to the administrator
[USG6000V1-aaa]bind manager-user telnetuser role system-admin
2. Logging in via SSH
Enable the SSH service
[USG6000V1]stelnet server enable
Configure the login interface
[USG6000V1-GigabitEthernet1/0/1]ip add 10.1.2.1 24
Configure access control on the interface
[USG6000V1-GigabitEthernet1/0/1]service-manage enable
[USG6000V1-GigabitEthernet1/0/1]service-manage ssh permit
Add the interface to a security zone
[USG6000V1]firewall zone trust
[USG6000V1-zone-trust]add int g1/0/1
Set the VTY administrator authentication mode to AAA
[USG6000V1]user-interface vty 0 4
[USG6000V1-ui-vty0-4]authentication-mode aaa
[USG6000V1-ui-vty0-4]protocol inbound ssh
[USG6000V1-ui-vty0-4]user privilege level 3
Create the SSH administrator account and specify its authentication and service types
[USG6000V1]aaa
[USG6000V1-aaa]manager-user sshuser
[USG6000V1-aaa-manager-user-sshuser]password cipher ABCabc@123
[USG6000V1-aaa-manager-user-sshuser]service-type ssh
[USG6000V1-aaa-manager-user-sshuser]level 3
Bind a role to the administrator
[USG6000V1-aaa]bind manager-user sshuser role system-admin
Configure the SSH user
[USG6000V1]ssh user sshuser
[USG6000V1]ssh user sshuser authentication-type password
[USG6000V1]ssh user sshuser service-type stelnet
Generate the local key pair
[USG6000V1]rsa local-key-pair create
The key name will be: USG6000V1_Host
The range of public key size is (2048 ~ 2048).
NOTES: If the key modulus is greater than 512,
it will take a few minutes.
Input the bits in the modulus[default = 2048]:
Generating keys…
…+++++
…++
…++++
…++
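3. Logging in via the web interface
The device's web service is enabled by default; if it is not, enable it with:
[USG6000V1]web-manager security enable //with the security parameter this enables HTTPS management; without it, HTTP device management is enabled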
Configure the login interface
[USG6000V1-GigabitEthernet1/0/1]ip add 10.1.2.1 24
[USG6000V1-GigabitEthernet1/0/1]service-manage enable
[USG6000V1-GigabitEthernet1/0/1]service-manage https permit
Add the interface to a security zone
[USG6000V1]firewall zone trust
[USG6000V1-zone-trust]add int g1/0/1
Configure the administrator account
[USG6000V1]aaa
[USG6000V1-aaa]manager-user webuser
[USG6000V1-aaa-manager-user-webuser]password cipher ABCabc@123
[USG6000V1-aaa-manager-user-webuser]level 3
[USG6000V1-aaa-manager-user-webuser]service-type web
[USG6000V1-aaa]bind manager-user webuser role system-admin
4. Configuring the firewall as an FTP server
[USG-1]security-policy
[USG-1-policy-security]rule name ftp_backup
[USG-1-policy-security-rule-ftp_backup]source-zone trust
[USG-1-policy-security-rule-ftp_backup]destination-zone local
[USG-1-policy-security-rule-ftp_backup]service ftp
[USG-1-policy-security-rule-ftp_backup]action permit
[USG-1]int g1/0/1
[USG-1-GigabitEthernet1/0/1]ip add 10.1.2.1 24
[USG-1]firewall zone trust
[USG-1-zone-trust]add interface GigabitEthernet 1/0/1
[USG-1]ftp server enable
[USG-1]aaa
[USG-1-aaa]manager-user ftpuser
[USG-1-aaa-manager-user-ftpuser]service-type ftp
[USG-1-aaa-manager-user-ftpuser]password cipher ABCabc@123
[USG-1-aaa-manager-user-ftpuser]level 3
[USG-1-aaa-manager-user-ftpuser]ftp-directory hda1:/
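
Of the four access methods above, Telnet, FTP and HTTP carry the administrator's credentials in cleartext, while SSH and HTTPS do not. The following Python script is an added example (not part of the original post and not Huawei tooling) that scans a command transcript in the format used on this page and reports where cleartext management is enabled or a configured password is weak. The sample lines are constructed, and the finding names and the password rule (8+ characters from at least 3 character classes) are assumptions.

```python
import re

# Constructed sample in the style of the transcripts above (not a real device export).
SAMPLE = """\
[USG6000V1]telnet server enable //enable Telnet
[USG6000V1-GigabitEthernet1/0/1]service-manage telnet permit
[USG6000V1-GigabitEthernet1/0/1]service-manage ssh permit
[USG6000V1-ui-vty0-4]protocol inbound telnet
[USG6000V1-aaa-manager-user-telnetuser]password cipher 12345678
[USG6000V1-aaa-manager-user-telnetuser]service-type telnet
[USG6000V1-aaa-manager-user-sshuser]password cipher ABCabc@123
[USG6000V1]web-manager security enable
[USG-1]ftp server enable
[USG-1-aaa-manager-user-ftpuser]service-type ftp
"""

LINE = re.compile(r"^\[([^\]]+)\]\s*(.*?)\s*(?://.*)?$")  # [view]command //comment
CLEARTEXT = {"telnet", "ftp", "http"}

def weak(pw):
    """Assumed policy: at least 8 characters drawn from 3+ character classes."""
    classes = [r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z\d]"]
    return len(pw) < 8 or sum(bool(re.search(c, pw)) for c in classes) < 3

def audit(text):
    """Return sorted (finding, view) pairs for cleartext management and weak passwords."""
    found = set()
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # headings, device output, blank lines
        view, words = m.group(1), m.group(2).split()
        if words[1:] == ["server", "enable"] and words[0] in CLEARTEXT:
            found.add((f"{words[0]}-server-enabled", view))
        elif words[:1] == ["service-manage"] and words[-1:] == ["permit"] and words[1] in CLEARTEXT:
            found.add((f"interface-permits-{words[1]}", view))
        elif words[:2] == ["protocol", "inbound"] and set(words[2:]) & {"telnet", "all"}:
            found.add(("vty-accepts-telnet", view))
        elif words[:1] == ["service-type"] and set(words[1:]) & CLEARTEXT:
            found.add(("account-allows-cleartext-login", view))
        elif words[:2] == ["web-manager", "enable"]:  # no "security" keyword: HTTP
            found.add(("web-manager-http-only", view))
        elif words[:2] == ["password", "cipher"] and len(words) == 3 and weak(words[2]):
            found.add(("weak-password", view))
    return sorted(found)

if __name__ == "__main__":
    for finding, view in audit(SAMPLE):
        print(f"{finding:32} {view}")
```

The view name in each finding (the text inside the square brackets) identifies the interface, VTY range or manager-user whose configuration should be changed.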
