WEB是中文的,懂点理论都能配出来
下面是命令行的
config
admin user hillstone
password hillstone
interface ethernet0/0 (E0/0是出口,定义为untrust 区域)
zone "untrust"
ip address 172.18.26.78 255.255.255.252
manage ssh
manage telnet
manage snmp
manage http (接口允许这些服务来管理设备)
manage https
manage ping
exit
interface ethernet0/1
bgroup bgroup1
exit
interface ethernet0/2
bgroup bgroup1
exit
(E0/1-4加入组1)
interface ethernet0/3
bgroup bgroup1
exit
interface ethernet0/4
bgroup bgroup1
exit
interface bgroup1 (配置组1为trust区域)
zone "trust"
ip address 10.32.76.1 255.255.252.0
manage telnet
manage http
manage https
manage ssh
manage ping
exit
ip vrouter "trust-vr" (默认路由,next-hop地址)
ip route 0.0.0.0/0 172.18.26.77
exit
policy from "trust" to "untrust"
rule id 1 (trust 到untrust 的策略)
action permit
src-addr "Any"
dst-addr "Any"
service "Any"
exit
exit
policy from "untrust" to "trust"
rule id 2
action permit (untrusty 到trust 的策略)
src-addr "Any"
dst-addr "Any"
service "Any"
exit
exit
这个只是最基本的配置,能够出外网,没有用NAT,hillstone主要是安全防火墙这块,所以这个设备最大的优势就在于QOS流控,可以对应用层进行流量控制。