There is one Hillstone SG6000 firewall in the production network, and all of its configuration can be done through the GUI. Some changes, however, are faster on the command line, for example adding a host or a port to an existing policy.
Double quotes around names are optional and are left out of the commands below.

1 Creating services
1.1 Single port
service tcp-901
  tcp dst-port 901

1.2 Port range
service tcp-10000-65535
  tcp dst-port 10000 65535

1.3 Group containing multiple services (the equivalent of object-group service on a Cisco ASA)
servgroup Management
  service SSH
  service xdmcp_UDP_177
  service HTTPS
  service tcp-901

2 Creating IP addresses
2.1 Single IP
address RDM-WaiGua-System-10.248.68.114
  ip 10.248.68.114/32

2.2 IP range
address 10.248.68.5-40
  range 10.248.68.5 10.248.68.40

2.3 IP subnet
address 10.248.1.0/24
  ip 10.248.1.0/24

2.4 An address entry can of course contain multiple members, for example
address Logistics
  ip 10.248.33.89/32
  ip 10.248.33.88/32

2.5 Viewing an address entry
show address xxx
Hillstone # show address 10.248.1.0/24
Name: 10.248.1.0/24
Address family: IPv4
Member count: 1
Address members:10.248.1.0/24
Excluded members:
Total IP count: 256
IP subnet in this entry: 1
10.248.1.0/24

3 Schedule (time range)
A schedule can specify only an end time, or both a start time and an end time.
schedule 2025.1.17
  absolute end 01/18/2025 00:00:00
schedule 2021/7/1
  absolute start 01/01/1970 00:00:00 end 07/01/2021 23:59:00
exit

4 Rules
A rule contains an ID, an action, zones, source and destination IPs, ports (services), a name, and a schedule.
rule id 401
  action permit
  src-zone SC
  dst-zone CR
  src-addr Data-1
  dst-addr wan-1
  service http
  service https
  name Colasoft
rule id 3019
  action permit
  src-zone INSIDE
  dst-zone OUTSIDE
  src-ip 10.248.1.1/32
  dst-addr AI-10.248.1.1-10
  service tcp-1521
  schedule 2025.1.17

How to view a rule: show rule does not work; use show policy instead.
Example:
hillstone # show policy id 3019
Rule id: 3019
Rule sequence: 12
Status: E
From zone CS to zone SC
Type: 0
Fragment: N/A
Source addresses:10.248.1.1/32
Destination addresses:Oracle-10.248.200.1
Services:tcp-1521
Application:
Schedules:2025.1.17
Action: PERMIT
Roles:
Users:
User-groups:
assistant: disable
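Hit 1353 times

Create a rule at the top of the policy list
rule top
  action permit
  src-ip 1.1.1.1/32
  dst-ip 2.1.1.1/32
  service any

Delete a rule
no rule 3029

Disable a rule (it stops taking effect but is not deleted)
rule id 3029
  disable

Enable a rule (it takes effect again)
rule id 3029
  enable

5 Routing configuration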
5.1 Out-of-band management interface configuration
interface MGT0
  zone mgt
  ip address 10.19.254.84 255.255.255.0
  manage ip 10.19.254.85
  manage ssh
  manage ping
  manage snmp
  manage https
exit

5.2 Static route
ip vrouter mgt-vr
  ip route 0.0.0.0/0 10.19.254.254

6 Interface configuration
6.1 Aggregate interface
interface xethernet1/0
  aggregate aggregate1
  mirror enable both
  description To_Core
exit
interface xethernet1/1
  aggregate aggregate1
  mirror enable both
  description To_Core
exit
interface xethernet1/2
  aggregate aggregate1
  mirror enable both
  description To_Core
exit
interface xethernet1/3
  aggregate aggregate1
  mirror enable both
  description To_Core
exit

6.2 Sub-interface configuration
Below is the sub-interface configuration of the two Hillstone firewalls. Because they run as an HA pair, each unit has its own IP address and the pair presents one virtual IP (VIP).
Unit 1
interface aggregate1.1101
  zone SC
  ip address 10.19.255.161 255.255.255.248   // 10.19.255.161 is the VIP
  manage ip 10.19.255.162                    // 10.19.255.162 is this unit's real IP
  manage ping
  description ShengChan
Unit 2
interface aggregate1.1101
  zone SC
  ip address 10.19.255.161 255.255.255.248   // 10.19.255.161 is the VIP
  manage ip 10.19.255.163                    // 10.19.255.163 is this unit's real IP
  manage ping
  description ShengChan

7 DNS and time zone
clock zone china
ip name-server 223.5.5.5 vrouter mgt-vr

8 Creating a user
admin user hillstone
  password 123123123
  password-expiration 1673230455
  role admin
  access console
  access telnet
  access ssh
  access http
  access https
exit
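
An added example, not part of the original post: a small Python audit over configuration text in the command syntax shown in sections 3, 4 and 8. It flags permit rules with service any, rules whose absolute schedule has already ended, and admin accounts with telnet or http access. It assumes sub-commands are indented under the line that opens them, and the sample configuration is constructed.

```python
import re
from datetime import datetime

# Constructed sample in the page's command syntax; not a real device export.
SAMPLE = """\
schedule 2025.1.17
  absolute end 01/18/2025 00:00:00
exit
rule id 3019
  action permit
  service tcp-1521
  schedule 2025.1.17
exit
rule id 3029
  action permit
  service any
exit
admin user hillstone
  access telnet
  access ssh
  access http
exit
"""

def parse_blocks(text):
    """Group indented sub-commands under the unindented line that opens them."""
    blocks = []
    for raw in text.splitlines():
        line = raw.strip().replace('"', "")  # quotes around names are optional
        if raw[:1].isspace() and blocks:
            blocks[-1][1].append(line)
        elif line and line != "exit":
            blocks.append((line, []))
    return blocks

def audit(text, now):
    blocks, ends, out = parse_blocks(text), {}, []
    for head, body in blocks:  # pass 1: schedule name -> absolute end time
        m = re.search(r"\bend (\S+ \S+)", " ".join(body))
        if head.startswith("schedule ") and m:
            ends[head[9:]] = datetime.strptime(m.group(1), "%m/%d/%Y %H:%M:%S")
    for head, body in blocks:  # pass 2: the three checks
        if head.startswith("rule ") and "action permit" in body:
            if "service any" in body:
                out.append((head, "permit with service any"))
            out += [(head, "expired schedule " + l[9:]) for l in body
                    if l.startswith("schedule ") and ends.get(l[9:], now) < now]
        if head.startswith("admin user "):
            out += [(head, "cleartext access " + p) for p in ("telnet", "http")
                    if "access " + p in body]
    return out
```

Call audit(SAMPLE, datetime.now()) to get a list of (block header, finding) pairs; rules that reference an unknown schedule are not reported as expired.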