实验 9 防火墙双出口配置
实验 9 防火墙双出口配置
请将其中的17替换为你自己的
| 设备 | IP地址 | 子网掩码 | 网关 |
|---|---|---|---|
| PC | 192.168.17.254 | 255.255.255.0 | 192.168.17.1 |
| Server | 17.0.0.254 | 255.255.255.0 | 17.0.0.1 |
FW
Username:admin
Password:Admin@123
The password needs to be changed. Change now? [Y/N]: y
Please enter old password: Admin@123
Please enter new password: Aa123456
Please confirm new password: Aa123456
Info: Your password has been changed. Save the change to survive a reboot.
*************************************************************************
* Copyright (C) 2014-2018 Huawei Technologies Co., Ltd. *
* All rights reserved. *
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
*************************************************************************
<USG6000V1>sy
Enter system view, return user view with Ctrl+Z.
[USG6000V1]u in e
Info: Saving log files...
Info: Information center is disabled.
[USG6000V1]int g1/0/0
[USG6000V1-GigabitEthernet1/0/0]ip a 192.168.17.1 24
[USG6000V1-GigabitEthernet1/0/0]int g1/0/1
[USG6000V1-GigabitEthernet1/0/1]ip a 20.0.0.1 24
[USG6000V1-GigabitEthernet1/0/1]ga 20.0.0.2
[USG6000V1-GigabitEthernet1/0/1]int g1/0/2
[USG6000V1-GigabitEthernet1/0/2]ip a 30.0.0.1 24
[USG6000V1-GigabitEthernet1/0/2]ga 30.0.0.2
[USG6000V1-GigabitEthernet1/0/2]q
[USG6000V1]firewall zone trust
[USG6000V1-zone-trust]a i g 1/0/0
[USG6000V1-zone-trust]q
[USG6000V1]firewall zone untrust
[USG6000V1-zone-untrust]a i g 1/0/1
[USG6000V1-zone-untrust]a i g 1/0/2
[USG6000V1-zone-untrust]q
[USG6000V1]security-policy
[USG6000V1-policy-security]ru n xm137
[USG6000V1-policy-security-rule-xm137]source-zone trust
[USG6000V1-policy-security-rule-xm137]destination-zone untrust
[USG6000V1-policy-security-rule-xm137]source-address 192.168.17.0 24
[USG6000V1-policy-security-rule-xm137]act p
[USG6000V1-policy-security-rule-xm137]q
[USG6000V1-policy-security]q
[USG6000V1]nat-policy
[USG6000V1-policy-nat]rule n nat
[USG6000V1-policy-nat-rule-nat]source-zone trust
[USG6000V1-policy-nat-rule-nat]destination-zone untrust
[USG6000V1-policy-nat-rule-nat]source-address 192.168.17.0 24
[USG6000V1-policy-nat-rule-nat]act source-nat easy-ip
[USG6000V1-policy-nat-rule-nat]q
[USG6000V1-policy-nat]q
[USG6000V1]ip route-static 0.0.0.0 0 20.0.0.2路由器配置顺序是 上下右
AR1
<Huawei>sy
Enter system view, return user view with Ctrl+Z.
[Huawei]u in e
Info: Information center is disabled.
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip a 20.0.0.2 24
[Huawei-GigabitEthernet0/0/0]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip a 40.0.0.1 24
[Huawei-GigabitEthernet0/0/1]ospf
[Huawei-ospf-1]a 0
[Huawei-ospf-1-area-0.0.0.0]n 20.0.0.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0]n 40.0.0.0 0.0.0.255AR2
<Huawei>sy
Enter system view, return user view with Ctrl+Z.
[Huawei]u in e
Info: Information center is disabled.
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip a 30.0.0.2 24
[Huawei-GigabitEthernet0/0/0]int g0/0/2
[Huawei-GigabitEthernet0/0/2]ip a 50.0.0.1 24
[Huawei-GigabitEthernet0/0/2]ospf
[Huawei-ospf-1]a 0
[Huawei-ospf-1-area-0.0.0.0]n 30.0.0.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0]n 50.0.0.0 0.0.0.255AR3
<Huawei>sy
Enter system view, return user view with Ctrl+Z.
[Huawei]u in e
Info: Information center is disabled.
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip a 17.0.0.1 24
[Huawei-GigabitEthernet0/0/0]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip a 40.0.0.2 24
[Huawei-GigabitEthernet0/0/1]int g0/0/2
[Huawei-GigabitEthernet0/0/2]ip a 50.0.0.2 24
[Huawei-GigabitEthernet0/0/2]ospf
[Huawei-ospf-1]a 0
[Huawei-ospf-1-area-0.0.0.0]n 17.0.0.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0]n 40.0.0.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0]n 50.0.0.0 0.0.0.255ping测试PC–>Server
PC>ping 17.0.0.254
在ping 完成后
<USG6000V1>dis firewall session table
随后断开其中一条线路 例如R1 g0/0/0
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]shu
随后再次ping测试
PC>ping 17.0.0.254
再次查看
<USG6000V1>dis firewall session table