IP address and default route configuration is omitted (ip rou 0.0.0.0 0 10.0.0.2/ip rou 0.0.0.0 0 20.0.0.2)
Rename the device (do this first)
sysname fn
Bind the interfaces to the firewall security zones
[fn]security-zone name Trust
[fn-security-zone-Trust]import interface g1/0/0
[fn]security-zone name untrust
[fn-security-zone-Untrust]import interface g1/0/1
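Configure the firewall security policy
The firewall has 5 zones by default: Local, Trust, Untrust, DMZ (demilitarized zone), and Management
security-policy ip //create the IPv4 security policy
Allow traffic between the trust zone and the local zone; once configured, R1 can ping the FW.
[fn-security-policy-ip]rule name l2t //rule name l2t (allow local to trust)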
[fn-security-policy-ip-0-l2t]source-zone local
[fn-security-policy-ip-0-l2t]destination-zone trust
[fn-security-policy-ip-0-l2t]action pass
[fn-security-policy-ip-0-l2t]rule name t2l
[fn-security-policy-ip-1-t2l]source-zone trust
[fn-security-policy-ip-1-t2l]destination-zone local
[fn-security-policy-ip-1-t2l]action pass
[fn-security-policy-ip-1-t2l]qui
Allow traffic between the local zone and the untrust zone; once configured, internet can ping the FW.
[fn-security-policy-ip]rule name l2u
[fn-security-policy-ip-2-l2u]source-zone local
[fn-security-policy-ip-2-l2u]destination-zone untrust
[fn-security-policy-ip-2-l2u]action pass
[fn-security-policy-ip]rule name u2l
[fn-security-policy-ip-3-u2l]source-zone untrust
[fn-security-policy-ip-3-u2l]destination-zone local
[fn-security-policy-ip-3-u2l]action pass
[fn-security-policy-ip-3-u2l]qui
Allow traffic between the trust zone and the untrust zone.
[fn-security-policy-ip]rule name u2t
[fn-security-policy-ip-4-u2t]source-zone untrust
[fn-security-policy-ip-4-u2t]destination-zone trust
[fn-security-policy-ip-4-u2t]ac pa
[fn-security-policy-ip-4-u2t]qu
[fn-security-policy-ip]rule name t2u
[fn-security-policy-ip-5-t2u]source-zone trust
[fn-security-policy-ip-5-t2u]destination-zone untrust
[fn-security-policy-ip-5-t2u]ac pa
[fn-security-policy-ip-5-t2u]qui
[fn-security-policy-ip]qui
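
Added example, not part of the original notes: a small Python audit that parses a session transcript shaped like the one above and lists the rules that pass all traffic arriving from the untrust zone with no address or service restriction (u2l and u2t in the session above). The function names and the embedded sample are constructed for illustration, and the keywords treated as restrictions (source-ip*, destination-ip*, service) are an assumption about how a narrowed rule would be written.

```python
import re

# Constructed sample: a transcript in the same shape as the session above.
SAMPLE = """\
[fn-security-policy-ip]rule name t2l
[fn-security-policy-ip-1-t2l]source-zone trust
[fn-security-policy-ip-1-t2l]destination-zone local
[fn-security-policy-ip-1-t2l]action pass
[fn-security-policy-ip-1-t2l]qui
[fn-security-policy-ip]rule name u2t
[fn-security-policy-ip-4-u2t]source-zone untrust
[fn-security-policy-ip-4-u2t]destination-zone trust
[fn-security-policy-ip-4-u2t]ac pa
[fn-security-policy-ip-4-u2t]qu
"""

PROMPT = re.compile(r"^\[[^\]]*\]\s*")  # strips the "[fn-...]" view prompt
# Assumed keywords that narrow a rule to specific addresses or services.
NARROWING = ("source-ip", "destination-ip", "service")

def parse_rules(transcript):
    """Return {rule name: {"src", "dst", "action", "narrowed"}} from a CLI transcript."""
    rules, cur = {}, None
    for line in transcript.splitlines():
        cmd = PROMPT.sub("", line).split("//")[0].split()  # drop prompt and // comment
        if not cmd:
            continue
        if cmd[0] == "rule" and "name" in cmd[:-1]:
            cur = rules.setdefault(cmd[cmd.index("name") + 1],
                {"src": None, "dst": None, "action": None, "narrowed": False})
        elif cur is None:
            continue
        elif cmd[0] == "source-zone" and len(cmd) > 1:
            cur["src"] = cmd[1].lower()
        elif cmd[0] == "destination-zone" and len(cmd) > 1:
            cur["dst"] = cmd[1].lower()
        elif len(cmd) > 1 and len(cmd[0]) >= 2 and "action".startswith(cmd[0]):
            # The CLI accepts abbreviations, e.g. "ac pa" for "action pass".
            cur["action"] = "pass" if "pass".startswith(cmd[1]) else cmd[1]
        elif cmd[0].startswith(NARROWING):
            cur["narrowed"] = True
    return rules

def open_from_untrust(rules):
    """Names of rules that pass everything arriving from the untrust zone."""
    return sorted(n for n, r in rules.items()
                  if r["src"] == "untrust" and r["action"] == "pass" and not r["narrowed"])

print(open_from_untrust(parse_rules(SAMPLE)))
```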