WEB是中文的,懂点理论都能配出来

下面是命令行的

 

config


admin user hillstone
  password hillstone         
interface ethernet0/0                            (E0/0是出口,定义为untrust 区域)
  zone  "untrust"
  ip address 172.18.26.78 255.255.255.252
  manage ssh
  manage telnet
  manage snmp
  manage http                                         (接口允许这些服务来管理设备)
  manage https
  manage ping
exit     
         
interface ethernet0/1
bgroup bgroup1
exit     
         
interface ethernet0/2
bgroup bgroup1
exit      
                                                     (E0/1-4加入组1)
interface ethernet0/3
bgroup bgroup1
exit     
         
interface ethernet0/4
bgroup bgroup1
exit     
         
interface bgroup1                                       (配置组1为trust区域)
  zone  "trust"
  ip address 10.32.76.1 255.255.252.0
  manage telnet
  manage http
  manage https
  manage ssh
  manage ping
exit     
         
ip vrouter "trust-vr"                                    (默认路由,next-hop地址)
  ip route 0.0.0.0/0 172.18.26.77                    
exit     
         
policy from "trust" to "untrust"
  rule id 1                                                       (trust 到untrust 的策略)
    action permit
    src-addr "Any"
    dst-addr "Any"
    service "Any"
  exit   
         
exit     
         
policy from "untrust" to "trust"
  rule id 2
    action permit                                               (untrusty 到trust 的策略)
    src-addr "Any"
    dst-addr "Any"
    service "Any"
  exit   
         
exit     

 

 这个只是最基本的配置,能够出外网,没有用NAT,hillstone主要是安全防火墙这块,所以这个设备最大的优势就在于QOS流控,可以对应用层进行流量控制。