1、编辑interface
Network > Interfaces (List)
| List 5102050100 per page | | | |
|---|
| List ALL(5)Layer2(0)Layer3(3)Loopback(0)Physical(3)Tunnel(1)Unused(1)VSI(0) Interfaces | Loopback IFTunnel IFVSI IF | |
|---|
|
| Name | IP/Netmask | Zone | Type | Link | Configure |
|---|
| serial | 0.0.0.0/0 | Null | Unused | down | Edit | | | trust | 172.2.1.254/24 | Trust | Layer3 | up | Edit | | | tunnel.1 | unnumbered | Untrust | Tunnel | ready | Edit | | | untrust | 58.2.24.246/32 | Untrust | Layer3 | up | Edit | | | vlan1 | 0.0.0.0/0 | VLAN | Layer3 | down | Edit | |
| |
2、配置untrust
Network > Interfaces > Edit
|
| Interface Name | untrust (mac 0010.db39.9051) |
|---|
| As member of loopback group | none |
|---|
| Zone Name | NullTrustUntrustMGTV1-TrustV1-UntrustVLAN |
|---|
| | Obtain IP using PPPoE | Noneuntrust | Create new pppoe setting |
|---|
| | Status:Connected |
|---|
| Static IP |
|---|
| IP Address / Netmask | / Manageable |
|---|
| Manage IP | (mac 0010.db39.9051) |
|---|
| | Interface Mode | NAT Route |
|---|
| | Service Options | |
|---|
| Management Services |
| Web UI | Telnet | SSH | | SNMP | SSL |
|
|---|
| Other Services |
|
|---|
| | WebAuth | IP |
|---|
| | Traffic Bandwidth | Kbps |
|---|
|
3、创建VIP
Network > Interface > Edit > VIP/VIP Services
|
| VIP | VIP Services |
|---|
| IP Address | Configure | Virtual Port | Service(Port) | Server IP | Status | Configure |
|---|
| 58.2.24.246 | Edit | In use | 9080 | was (9080) | 172.2.1.110... | OK | Edit | Remove |
| |
这是已配置好的VIP,先增加一个VIP,再增加VIP Services,外网端口9080,映射服务端口为was(9080),映射内网主机为172.2.1.110
4、配置访问策略
<!-- script language="javascript" src="acl.js" --><!-- /script -->
|
|
|
|
|
|
|
|
|
|
|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| | From Untrust To Global, total policy: 1 | | ID | Source | Destination | Service | Action | Options | Configure | Enable | Move |
|---|
| 5 | Any | VIP::1 | ANY |  |  | Edit | Clone | Remove |  |   |
| |
这是已配置好的访问策略policies,方向为Untrust 到Global
5、访问策略配置
| Name (optional) | |
|---|
| Source Address | New Address /
Address Book Entry 172.25.1.110/9080AnyDial-Up VPNXM |
|---|
| Destination Address | New Address /
Address Book Entry AnyDial-Up VPNVIP::1 |
|---|
| Service | wasANYAOLBGPDHCP-RelayDNSFINGERFTPFTP-GetFTP-PutGOPHERH.323HTTPHTTPSICMP Address MaskICMP-ANYICMP Dest UnreachableICMP Fragment NeededICMP Fragment ReassemblyICMP Host UnreachableICMP-INFOICMP Parameter ProblemICMP Port UnreachableICMP Protocol UnreachICMP RedirectICMP Redirect HostICMP Redirect TOS & HostICMP Redirect TOS & NetICMP Source QuenchICMP Source Route FailICMP Time ExceededICMP-TIMESTAMPIKEIMAPInternet Locator ServiceIRCL2TPLDAPMAILNetMeetingNFSNNTPNS GlobalNS Global PRONSMNTPOSPFPC-AnywherePINGPOP3PPTPReal MediaRIPRLOGINRSHSIPSNMPSQL*Net V1SQL*Net V2SSHSUN-RPCSYSLOGTALKTCP-ANYTELNETTFTPTRACEROUTEUDP-ANYUUCPVDO LiveWAISWINFRAMEX-WINDOWS |
|---|
| Application | NoneFTPRSHPORTMAPPERHTTPSMTPPOP3IMAPDNSTFTPH245Q931RASREALSIPSQLNETV2TALKVDOXINGIGNORE |
|---|
| | Action | PermitDenyTunnel |
|---|
| Tunnel | VPN None2XM |
|---|
| Modify matching bidirectional VPN policy |
|---|
| L2TP None |
|---|
| Logging | |
|---|
| | |
|---|
| |
6、服务端口定制custom,即上面的VIP::1
Objects > Services > Custom
|
| Name | Transport Protocol and Parameters | Timeout (min) | Configure |
|---|
| was | TCP src port: 0-65535, dst port: 9080-9080 | default[30] | Edit | In Use |
| |
详细配置:
| Service Name | |
|---|
| Service Timeout | Use protocol default
Never
Custom (minutes) |
|---|
| No. | Transport protocol | Source Port | Destination Port | ICMP |
|---|
| Low | High | Low | High | Type | Code |
|---|
| 1 | none TCP UDP ICMP other | | | | | | | | 2 | none TCP UDP ICMP other | | | | | | | | 3 | none TCP UDP ICMP other | | | | | | | | 4 | none TCP UDP ICMP other | | | | | | | | 5 | none TCP UDP ICMP other | | | | | | | | 6 | none TCP UDP ICMP other | | | | | | | | 7 | none TCP UDP ICMP other | | | | | | | | 8 | none TCP UDP ICMP other | | | | | | |
|
|
| |
|---|
1473
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
