USG3030调试
USG3030调试dis cu
# sysname USG3000
# web-manager enable
# firewall packet-filter default permit interzone local trust direction inbound
firewall packet-filter default permit interzone trust untrust direction outbound
# nat alg enable ftp
nat alg enable dns
nat alg enable icmp
nat alg enable netbios
undo nat alg enable h323
undo nat alg enable hwcc
undo nat alg enable ils
undo nat alg enable pptp
undo nat alg enable qq
undo nat alg enable msn
undo nat alg enable user-define
undo nat alg enable sip
undo nat alg enable rtsp
firewall permit sub-ip
# firewall mode transparent
firewall system-ip 202.116.*.* 255.255.255.0
# firewall defend land enable
firewall defend smurf enable
firewall defend fraggle enable
firewall defend winnuke enable
firewall defend syn-flood enable
firewall defend udp-flood enable
firewall defend icmp-flood enable
firewall defend icmp-redirect enable
firewall defend icmp-unreachable enable
firewall defend ip-sweep enable
firewall defend port-scan enable
firewall defend source-route enable
firewall defend route-record enable
firewall defend tracert enable
firewall defend time-stamp enable
firewall defend ping-of-death enable
firewall defend teardrop enable
firewall defend tcp-flag enable
firewall defend ip-fragment enable
firewall defend large-icmp enable
# firewall statistic system enable
# interface GigabitEthernet0/0
# interface GigabitEthernet0/1
# interface GigabitEthernet0/2
# interface Secp3/0
# interface NULL0
# interface LoopBack0
# acl number 3000 match-order auto
rule 5 permit icmp
rule 10 permit ip source 202.116.*.* 0 destination 202.116.*.* 0
rule 15 permit ip source 202.116.*.* 0 destination 202.116.*.* 0
rule 20 deny ip destination 202.116.96.20 0
rule 25 permit ip
acl number 3001 match-order auto
rule 5 permit icmp
# firewall zone local
set priority 100
# firewall zone trust
set priority 85
add interface GigabitEthernet0/0
# firewall zone untrust
set priority 5
add interface GigabitEthernet0/1
# firewall zone dmz
set priority 50
# firewall interzone local trust
# firewall interzone local untrust
# firewall interzone local dmz
# firewall interzone trust untrust
packet-filter 3001 inbound
packet-filter 3000 outbound
# firewall interzone trust dmz
# firewall interzone dmz untrust
# aaa
local-user admin password cipher .]@USE=B,53Q=^Q`MAF4<1!!
local-user admin service-type web telnet
local-user admin level 3
authentication-scheme default
# authorization-scheme default
# accounting-scheme default
# domain default
#
# user-interface con 0
user privilege level 3
user-interface vty 0 4
authentication-mode aaa
user privilege level 0
# return
页:
[1]