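I. Firewall Configuration
1. Draw the topology
The firewall used is the USG6000V.
2. Configure the Client and Server
3. Configure the firewall
Log in to the firewall. The default username and password are admin / Admin@123; change the password at first login.
1. Configure security zones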
[USG6000V1]firewall zone trust
[USG6000V1-zone-trust]add int g1/0/1
[USG6000V1]firewall zone untrust
[USG6000V1-zone-untrust]add int g1/0/0
2. Configure IP addresses
[USG6000V1]int g1/0/1
[USG6000V1-GigabitEthernet1/0/1]ip address 192.168.2.254 24
[USG6000V1]int g1/0/0
[USG6000V1-GigabitEthernet1/0/0]ip address 200.1.1.254 24
3. Configure the security policy and static route
[USG6000V1]security-policy
[USG6000V1-policy-security]rule name test
[USG6000V1-policy-security-rule-test]source-zone trust
[USG6000V1-policy-security-rule-test]destination-zone untrust
[USG6000V1-policy-security-rule-test]source-address 192.168.2.0 mask 255.255.255.0
[USG6000V1-policy-security-rule-test]destination-address 200.1.1.0 mask 255.255.255.0
[USG6000V1-policy-security-rule-test]service icmp //traffic type
[USG6000V1-policy-security-rule-test]action permit //allow packets that match this rule to pass through the firewall
[USG6000V1]ip route-static 0.0.0.0 0.0.0.0 200.1.1.2
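The following is an added example, not part of the original article and not Huawei code: a simplified Python model of how rule test and the zone bindings above decide which packets are forwarded, including the default deny for anything the rule does not match. The client address 192.168.2.1, the use of 200.1.1.2 as the server, and the three-field session table are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

# Interface-to-zone bindings from step 1 of the article.
ZONE_OF = {"g1/0/1": "trust", "g1/0/0": "untrust"}

# Rule "test" from step 3; every condition must match (logical AND).
RULES = [{
    "name": "test",
    "src_zone": "trust", "dst_zone": "untrust",
    "src_net": ip_network("192.168.2.0/24"),
    "dst_net": ip_network("200.1.1.0/24"),
    "service": "icmp", "action": "permit",
}]

# Simplified session table (assumption): (src, dst, proto) of permitted flows.
sessions = set()


def evaluate(in_if, out_if, src, dst, proto):
    """Return (action, reason) for one packet under the modelled policy."""
    # Return traffic of a permitted flow is forwarded by its session entry,
    # which is why the article needs no untrust-to-trust rule for ping replies.
    if (dst, src, proto) in sessions:
        return "permit", "session"
    for r in RULES:  # the first matching rule wins
        if (ZONE_OF[in_if] == r["src_zone"] and ZONE_OF[out_if] == r["dst_zone"]
                and ip_address(src) in r["src_net"]
                and ip_address(dst) in r["dst_net"]
                and proto == r["service"]):
            if r["action"] == "permit":
                sessions.add((src, dst, proto))
            return r["action"], r["name"]
    return "deny", "default"  # nothing matched: default action is deny


if __name__ == "__main__":
    # Constructed sample packets: (ingress if, egress if, src, dst, protocol).
    samples = [
        ("g1/0/0", "g1/0/1", "200.1.1.2", "192.168.2.1", "icmp"),  # unsolicited inbound
        ("g1/0/1", "g1/0/0", "192.168.2.1", "200.1.1.2", "icmp"),  # client pings server
        ("g1/0/0", "g1/0/1", "200.1.1.2", "192.168.2.1", "icmp"),  # reply to that ping
        ("g1/0/1", "g1/0/0", "192.168.2.1", "200.1.1.2", "tcp"),   # service not in rule
        ("g1/0/1", "g1/0/0", "192.168.2.1", "8.8.8.8", "icmp"),    # outside dst network
    ]
    for pkt in samples:
        print(pkt, "->", evaluate(*pkt))
```

The last sample shows that the default route only provides reachability: a destination outside 200.1.1.0/24 is still dropped because no rule permits it.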