山石防火墙命令查看配置_hillstone 防火墙基本配置

WEB是中文的,懂点理论都能配出来

下面是命令行的

config

admin user hillstone

password hillstone

interface ethernet0/0                            (E0/0是出口,定义为untrust 区域)

zone  "untrust"

ip address 172.18.26.78 255.255.255.252

manage ssh

manage telnet

manage snmp

manage http                                         (接口允许这些服务来管理设备)

manage https

manage ping

exit

interface ethernet0/1

bgroup bgroup1

exit

interface ethernet0/2

bgroup bgroup1

exit

(E0/1-4加入组1)

interface ethernet0/3

bgroup bgroup1

exit

interface ethernet0/4

bgroup bgroup1

exit

interface bgroup1                                       (配置组1为trust区域)

zone  "trust"

ip address 10.32.76.1 255.255.252.0

manage telnet

manage http

manage https

manage ssh

manage ping

exit

ip vrouter "trust-vr"                                    (默认路由,next-hop地址)

ip route 0.0.0.0/0 172.18.26.77

exit

policy from "trust" to "untrust"

rule id 1                                                       (trust 到untrust 的策略)

action permit

src-addr "Any"

dst-addr "Any"

service "Any"

exit

exit

policy from "untrust" to "trust"

rule id 2

action permit                                               (untrusty 到trust 的策略)

src-addr "Any"

dst-addr "Any"

service "Any"

exit

exit

这个只是最基本的配置,能够出外网,没有用NAT,hillstone主要是安全防火墙这块,所以这个设备最大的优势就在于QOS流控,可以对应用层进行流量控制。

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值