
Firewall 2

Posted: 2019-08-29 23:46:18      Reads: 186      Comments: 0      Favourites: 0

Tags: minutes   col   range   parameters   use   bsp   fir   enter   source

1. Interfaces, management access (service-manage), zones and the trust-to-dmz policy

interface GigabitEthernet1/0/1
undo shutdown
ip address 200.1.1.1 255.255.255.0

interface GigabitEthernet1/0/4
undo shutdown
ip address 169.254.43.1 255.255.255.0

service-manage enable  # enable management-service access control on the interface (an interface-view command; here it follows GigabitEthernet1/0/4)

service-manage all permit  # permit every management service on this interface

(the equivalent, one service at a time:
service-manage http permit
  service-manage https permit
  service-manage ping permit
  service-manage ssh permit
  service-manage snmp permit
  service-manage telnet permit)

Permit only what the interface is actually managed over: `all` also opens cleartext telnet, http and snmp, and on the untrust-facing interface service-manage should permit nothing at all.

firewall zone local
set priority 100
#
firewall zone trust
set priority 85
add interface GigabitEthernet0/0/0
add interface GigabitEthernet1/0/2
add interface GigabitEthernet1/0/4
#
firewall zone untrust
set priority 5
add interface GigabitEthernet1/0/3
#
firewall zone dmz
set priority 50
add interface GigabitEthernet1/0/1

security-policy
rule name permit_trust_dmz
source-zone trust
destination-zone dmz
service http
service icmp
action permit
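The zone and policy configuration above, as an added example (not code from the original post or from Huawei): a small Python model of the four zones, their priorities and the single `permit_trust_dmz` rule, so the effect of zone priority and of the default action can be checked without a device. It assumes, because the page does not say so, that rules are matched top-down with the first match winning, that interzone traffic matching no rule is dropped, that traffic between two interfaces of the same zone is not policy-checked (this differs between USG versions), and that zone priority only decides whether a flow is inbound or outbound and never permits anything by itself.

```python
# Added example, not code from the original post or from Huawei: a model of the
# zone and interzone-policy configuration above.
# Assumptions (not stated on the page): rules are matched top-down and the first
# match wins; interzone traffic matching no rule is dropped (default policy);
# traffic between two interfaces of the same zone is not policy-checked here
# (this differs between USG versions); zone priority only decides whether a
# flow is "inbound" or "outbound", it never permits anything by itself.
from dataclasses import dataclass


@dataclass(frozen=True)
class Zone:
    name: str
    priority: int          # set priority N: 0-100, higher is more trusted
    interfaces: frozenset  # add interface ...


@dataclass(frozen=True)
class Rule:
    name: str
    source_zone: str
    destination_zone: str
    services: frozenset    # service ... lines; empty means any service
    action: str            # "permit" or "deny"


# The zones and the single rule from the configuration above.
ZONES = [
    Zone("local", 100, frozenset()),
    Zone("trust", 85, frozenset({"GigabitEthernet0/0/0", "GigabitEthernet1/0/2",
                                 "GigabitEthernet1/0/4"})),
    Zone("untrust", 5, frozenset({"GigabitEthernet1/0/3"})),
    Zone("dmz", 50, frozenset({"GigabitEthernet1/0/1"})),
]
RULES = [
    Rule("permit_trust_dmz", "trust", "dmz", frozenset({"http", "icmp"}), "permit"),
]


class ZonePolicy:
    def __init__(self, zones, rules):
        self.zones = {z.name: z for z in zones}
        self.rules = list(rules)
        self.if_zone = {}
        for z in zones:
            for intf in z.interfaces:
                if intf in self.if_zone:  # an interface belongs to exactly one zone
                    raise ValueError(f"{intf} is in both {self.if_zone[intf]} and {z.name}")
                self.if_zone[intf] = z.name

    def zone_of(self, interface):
        return self.if_zone.get(interface)

    def direction(self, src_zone, dst_zone):
        """'outbound' when leaving the higher-priority zone, otherwise 'inbound'."""
        src, dst = self.zones[src_zone].priority, self.zones[dst_zone].priority
        return "outbound" if src > dst else "inbound"

    def evaluate(self, ingress, egress, service):
        """Decide a flow arriving on `ingress` and leaving on `egress`; pass the
        zone name "local" as egress for traffic addressed to the firewall itself.
        Returns (action, matched rule, direction)."""
        src = self.zone_of(ingress)
        dst = "local" if egress == "local" else self.zone_of(egress)
        if src is None or dst is None:
            return ("deny", "unbound-interface", None)  # not in a zone: never forwarded
        if src == dst:
            return ("permit", "intrazone", None)
        dirn = self.direction(src, dst)
        for r in self.rules:
            if (r.source_zone == src and r.destination_zone == dst
                    and (not r.services or service in r.services)):
                return (r.action, r.name, dirn)
        return ("deny", "default", dirn)


if __name__ == "__main__":
    fw = ZonePolicy(ZONES, RULES)
    for flow in [("GigabitEthernet1/0/2", "GigabitEthernet1/0/1", "http"),
                 ("GigabitEthernet1/0/2", "GigabitEthernet1/0/1", "ssh"),
                 ("GigabitEthernet1/0/1", "GigabitEthernet1/0/2", "http"),
                 ("GigabitEthernet1/0/3", "GigabitEthernet1/0/1", "http"),
                 ("GigabitEthernet1/0/2", "local", "telnet")]:
        print(*flow, "->", fw.evaluate(*flow))
```

Two things the model makes visible that the configuration alone does not: the dmz host cannot open a connection back to trust even though trust may reach it (the rule is directional), and a trust-to-local rule written without a `service` line, as in section 2, permits every service to the firewall itself.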

2. Management access to the firewall itself (local zone): telnet, ssh and web

[FW1]security-policy       # enter the security-policy view
[FW1-policy-security]rule name permit_telnet    # name of the rule
[FW1-policy-security-rule-permit_telnet]source-zone trust    # source zone: trust
[FW1-policy-security-rule-permit_telnet]destination-zone local    # destination zone: local, i.e. the firewall itself
[FW1-policy-security-rule-permit_telnet]action permit # permit trust to reach the firewall's local zone; with no service line the rule covers every service, so add "service telnet" to keep it to what it is for

[FW1]user-interface vty 0 4  # VTY lines 0-4: up to five simultaneous terminal sessions

[FW1-ui-vty0-4]authentication-mode aaa  # log-ins on these lines are authenticated by AAA

[FW1-ui-vty0-4]protocol inbound telnet    # only telnet is accepted on these lines (cleartext: credentials and the whole session are readable on the wire)

[FW1]aaa  # enter the AAA view

[FW1-aaa]manager-user lj  # create the management user lj (the name shown in the prompts that follow)

[FW1-aaa-manager-user-lj]password cipher lj@12345  # stored in cipher text, but a password typed on the command line is exposed to terminal logs; the interactive password prompt avoids this

[FW1-aaa-manager-user-lj]service-type telnet   # lj may log in over telnet

[FW1-aaa-manager-user-lj]level 15  # give lj privilege level 15 (management level)

# Level 0 is the visit level (almost nothing allowed); 1 is the monitoring level (display commands); 2 is the configuration level (part of the configuration can be changed); 3-15 are the management levels with full privileges. Give each account the lowest level its job needs: a level-15 account reachable over cleartext telnet hands full control of the device to anyone who captures the session.

ssh:

[FW1]security-policy
[FW1-policy-security]rule name permit_ssh
[FW1-policy-security-rule-permit_ssh]source-zone trust
[FW1-policy-security-rule-permit_ssh]destination-zone local
[FW1-policy-security-rule-permit_ssh]action permit

[FW1]rsa local-key-pair create   # generate the RSA host key pair used by the SSH server; the range printed below shows this version only accepts a 2048-bit modulus

The key name will be: FW1_Host
The range of public key size is (2048 ~ 2048).
NOTES: If the key modulus is greater than 512,
it will take a few minutes.
Input the bits in the modulus[default = 2048]:2048
Generating keys...
.+++++
........................++
....++++
...........++

[FW1]user-interface vty 0 4
[FW1-ui-vty0-4]authentication-mode aaa

[FW1-ui-vty0-4]protocol inbound ssh  # only SSH is accepted on the VTY lines (this replaces telnet)

[FW1]ssh user ljssh  # create the SSH user ljssh

[FW1]ssh user ljssh authentication-type password  # password authentication, checked through AAA below; rsa is the public-key alternative

[FW1]ssh user ljssh service-type stelnet  # STelnet, i.e. SSH terminal access
[FW1]aaa

[FW1-aaa]manager-user ljssh      # AAA user name; must match the ssh user

[FW1-aaa-manager-user-ljssh]password cipher lj@12345
Info: You are advised to config on man-machine mode.
[FW1-aaa-manager-user-ljssh]service-type ssh  # AAA authenticates this user for ssh

[FW1-aaa-manager-user-ljssh]level 15  # management level for the ssh account

[FW1]stelnet server enable  # start the SSH (stelnet) server


web:

[FW1]security-policy
[FW1-policy-security]rule name permit_web
[FW1-policy-security-rule-permit_web]source-zone trust
[FW1-policy-security-rule-permit_web]destination-zone local
[FW1-policy-security-rule-permit_web]action permit

[FW1]web-manager enable  # start the web management server over plain HTTP; web-manager security enable is the HTTPS form

[FW1]aaa

[FW1-aaa]manager-user ljweb  # web management account (the name shown in the prompts that follow)

[FW1-aaa-manager-user-ljweb]password  # interactive form: the password is prompted for and never appears on the command line

Enter Password:  (type the password)

Confirm Password: (type it again)
[FW1-aaa-manager-user-ljweb]service-type web  # may log in through the web UI
[FW1-aaa-manager-user-ljweb]level 15
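A check over the management-access settings of sections 1 and 2, as an added example (not code from the original post or from Huawei). It reads a config dump with the CLI prompts still in it and reports the settings a reviewer would want changed: cleartext telnet and http, `service-manage all permit`, passwords typed on the command line, and every account at level 15. The fixes it suggests reuse commands the page already shows (`protocol inbound ssh`, the interactive `password` prompt, level 1 for monitoring staff). It assumes that `web-manager security enable` is the HTTPS form of web-manager and that `authentication-type rsa` is the public-key form of `ssh user`, as on Huawei USG; `CONFIG` and `HARDENED` are constructed samples assembled from the page's commands.

```python
# Added example, not code from the original post or from Huawei: a reviewer's
# check over the management-access configuration shown on the page.
# Assumptions: "web-manager security enable" is the HTTPS form of web-manager and
# "authentication-type rsa" the public-key form of ssh user (Huawei USG syntax);
# CONFIG and HARDENED are constructed samples built from the page's commands.
import re

PROMPT = re.compile(r"^\[[^\]]*\]")             # strips e.g. "[FW1-aaa-manager-user-lj]"
CLEARTEXT_SERVICES = {"telnet", "http", "snmp"}  # management protocols without encryption
MANAGEMENT_LEVEL = 3                             # levels 3-15 are management levels

# Constructed sample: the management commands from the page, as typed.
CONFIG = """\
service-manage enable
service-manage all permit
[FW1]user-interface vty 0 4
[FW1-ui-vty0-4]authentication-mode aaa
[FW1-ui-vty0-4]protocol inbound telnet
[FW1-aaa]manager-user lj
[FW1-aaa-manager-user-lj]password cipher lj@12345
[FW1-aaa-manager-user-lj]service-type telnet
[FW1-aaa-manager-user-lj]level 15
[FW1]ssh user ljssh authentication-type password
[FW1]ssh user ljssh service-type stelnet
[FW1-aaa]manager-user ljssh
[FW1-aaa-manager-user-ljssh]password cipher lj@12345
[FW1-aaa-manager-user-ljssh]service-type ssh
[FW1-aaa-manager-user-ljssh]level 15
[FW1]stelnet server enable
[FW1]web-manager enable
[FW1-aaa]manager-user ljweb
[FW1-aaa-manager-user-ljweb]password
[FW1-aaa-manager-user-ljweb]service-type web
[FW1-aaa-manager-user-ljweb]level 15
"""

# Constructed sample of the same device with every finding addressed.
HARDENED = """\
service-manage enable
service-manage ssh permit
service-manage https permit
[FW1-ui-vty0-4]authentication-mode aaa
[FW1-ui-vty0-4]protocol inbound ssh
[FW1]ssh user ops authentication-type rsa
[FW1]ssh user ops service-type stelnet
[FW1]web-manager security enable
[FW1-aaa]manager-user ops
[FW1-aaa-manager-user-ops]password
[FW1-aaa-manager-user-ops]service-type ssh web
[FW1-aaa-manager-user-ops]level 15
[FW1-aaa]manager-user noc
[FW1-aaa-manager-user-noc]password
[FW1-aaa-manager-user-noc]service-type ssh
[FW1-aaa-manager-user-noc]level 1
"""


def audit(config_text):
    """Return the findings for a config dump (CLI prompts may be present)."""
    findings, users, current = [], {}, None
    for raw in config_text.splitlines():
        words = PROMPT.sub("", raw).split()
        if not words:
            continue
        if words[0] == "manager-user" and len(words) == 2:
            current = words[1]
            users.setdefault(current, {"level": 0, "services": set(), "cli_password": False})
        elif current and words[0] == "level" and len(words) == 2:
            users[current]["level"] = int(words[1])
        elif current and words[0] == "service-type":
            users[current]["services"].update(words[1:])
        elif current and words[:2] == ["password", "cipher"] and len(words) == 3:
            users[current]["cli_password"] = True   # secret echoed to terminal logs and history
        elif words[:3] == ["service-manage", "all", "permit"]:
            findings.append("service-manage all permit: also opens telnet, http and snmp; permit only ssh, https and ping")
        elif words[0] == "service-manage" and len(words) == 3 and words[1] in CLEARTEXT_SERVICES and words[2] == "permit":
            findings.append(f"service-manage {words[1]} permit: cleartext management protocol exposed on the interface")
        elif words[:2] == ["protocol", "inbound"] and "telnet" in words[2:]:
            findings.append("protocol inbound telnet: credentials cross the network in cleartext; use 'protocol inbound ssh'")
        elif words[:2] == ["ssh", "user"] and "authentication-type" in words and words[-1] == "password":
            findings.append(f"ssh user {words[2]}: password-only login; prefer 'authentication-type rsa'")
        elif words == ["web-manager", "enable"]:
            findings.append("web-manager enable: plain-HTTP web management; use 'web-manager security enable'")
    admins = [u for u, info in users.items() if info["level"] >= MANAGEMENT_LEVEL]
    for u in admins:
        if "telnet" in users[u]["services"]:
            findings.append(f"manager-user {u}: level {users[u]['level']} account usable over telnet")
    if len(admins) > 1:
        findings.append(f"{len(admins)} accounts at management level: give monitoring staff level 1, not 15")
    for u, info in users.items():
        if info["cli_password"]:
            findings.append(f"manager-user {u}: password given on the command line; use the interactive 'password' prompt")
    return findings


if __name__ == "__main__":
    for name, text in (("page config", CONFIG), ("hardened", HARDENED)):
        print(name, audit(text) or ["no findings"])
```

Run against the page's own commands the check reports eight findings; the hardened sample, which keeps one management-level account on SSH with a public key and gives the second operator level 1, reports none.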

Original article: https://www.cnblogs.com/TiAmoLJ/p/11432395.html
