network 发表于 2010-1-17 08:20:23

USG3030调试

USG3030调试
# NOTE(review): Output of `dis cu` (display current-configuration) from a USG3000-series
# firewall, as pasted into a forum post. Lines beginning "# NOTE(review)" or "#   " followed
# by prose are reviewer annotations; every other line is the original paste, unchanged.
# NOTE(review): the paste appears to have fused each "#" section separator with the command
# that followed it, so lines such as "# sysname USG3000" are presumably commands, not comments.
dis cu
# sysname USG3000
# NOTE(review): web management is enabled here and the admin account below is allowed
#   "web telnet". Telnet is cleartext; whether the web manager is plain HTTP is not shown
#   here (confirm). Prefer encrypted management and restrict which sources may reach it.
# web-manager enable
# NOTE(review): these two lines set the default action to "permit" for traffic that matches
#   no ACL rule, for local/trust inbound and trust/untrust outbound. Direction is relative to
#   the zone priorities set further down (local 100, trust 85, dmz 50, untrust 5); presumably
#   inbound = lower-priority zone towards higher-priority zone (confirm in the product docs).
#   Directions not listed here keep the platform default, presumably deny (confirm).
# firewall packet-filter default permit interzone local trust direction inbound
firewall packet-filter default permit interzone trust untrust direction outbound
# NOTE(review): NAT ALG is enabled for ftp, dns, icmp and netbios and explicitly disabled
#   for the remaining protocols listed.
# nat alg enable ftp
    nat alg enable dns
    nat alg enable icmp
    nat alg enable netbios
    undo nat alg enable h323
    undo nat alg enable hwcc
    undo nat alg enable ils
    undo nat alg enable pptp
    undo nat alg enable qq
    undo nat alg enable msn
    undo nat alg enable user-define
    undo nat alg enable sip
    undo nat alg enable rtsp
    firewall permit sub-ip
# NOTE(review): the device runs in transparent mode; system-ip is presumably the address used
#   to manage it in that mode (confirm). The poster masked the last two octets.
# firewall mode transparent
    firewall system-ip 202.116.*.* 255.255.255.0
# NOTE(review): attack-defence features are switched on globally below. No per-zone or per-IP
#   thresholds for the flood defences (syn/udp/icmp) appear anywhere in this output; verify on
#   the device that those defences are actually effective and not just enabled by name.
# firewall defend land enable
    firewall defend smurf enable
    firewall defend fraggle enable
    firewall defend winnuke enable
    firewall defend syn-flood enable
    firewall defend udp-flood enable
    firewall defend icmp-flood enable
    firewall defend icmp-redirect enable
    firewall defend icmp-unreachable enable
    firewall defend ip-sweep enable
    firewall defend port-scan enable
    firewall defend source-route enable
    firewall defend route-record enable
    firewall defend tracert enable
    firewall defend time-stamp enable
    firewall defend ping-of-death enable
    firewall defend teardrop enable
    firewall defend tcp-flag enable
    firewall defend ip-fragment enable
    firewall defend large-icmp enable
   
# firewall statistic system enable
# NOTE(review): the interface sections below show no sub-commands in this paste.
# interface GigabitEthernet0/0
# interface GigabitEthernet0/1
# interface GigabitEthernet0/2
# interface Secp3/0
# interface NULL0
# interface LoopBack0
# NOTE(review): ACL 3000 is bound to trust/untrust outbound further down. With
#   "match-order auto" the evaluation order presumably follows rule specificity rather than
#   rule number (confirm the effective order with "display acl" on the device). Rule 25 is a
#   catch-all permit, so the only traffic this ACL blocks is the single destination in
#   rule 20; rules 10 and 15 are then redundant unless they are meant to override rule 20.
#   Addresses are masked inconsistently in this paste; sanitise all of them before sharing.
# acl number 3000 match-order auto
         rule 5 permit icmp
rule 10 permit ip source 202.116.*.* 0 destination 202.116.*.* 0
rule 15 permit ip source 202.116.*.* 0 destination 202.116.*.* 0
rule 20 deny ip destination 202.116.96.20 0
rule 25 permit ip

# NOTE(review): ACL 3001 is bound to trust/untrust inbound further down and permits every
#   ICMP type from any source. If only echo is needed, narrowing the rule is worth considering.
    acl number 3001 match-order auto
         rule 5 permit icmp
# NOTE(review): security zones and their priorities. Only trust (GigabitEthernet0/0) and
#   untrust (GigabitEthernet0/1) have an interface assigned; dmz has none in this output.
# firewall zone local
       set priority 100
# firewall zone trust
       set priority 85
       add interface GigabitEthernet0/0

# firewall zone untrust
      set priority 5
      add interface GigabitEthernet0/1
      
# firewall zone dmz
      set priority 50
# firewall interzone local trust
# firewall interzone local untrust
# firewall interzone local dmz
# NOTE(review): the only interzone pair with packet filters attached: ACL 3001 inbound and
#   ACL 3000 outbound. Traffic matching no rule falls through to the default actions set
#   near the top of this configuration.
# firewall interzone trust untrust
      packet-filter 3001 inbound
      packet-filter 3000 outbound
# firewall interzone trust dmz
# firewall interzone dmz untrust
# NOTE(review): the line below publishes the stored (cipher-form) admin password together
#   with the configuration. Cipher-form passwords on older VRP releases are reported to be
#   reversible, so treat this credential as exposed: rotate it, and redact password lines
#   before posting a configuration. The account is level 3 and usable over web and telnet.
# aaa
    local-user admin password cipher .]@USE=B,53Q=^Q`MAF4<1!!
    local-user admin service-type web telnet
    local-user admin level 3
    authentication-scheme default
   
# authorization-scheme default
# accounting-scheme default
# domain default
#
# NOTE(review): console 0 is given privilege level 3 and no authentication-mode line is shown
#   for it in this output; confirm whether console login requires a password. The vty lines
#   use AAA authentication with a line default of level 0; the level of the logged-in AAA
#   user presumably applies after login (confirm).
# user-interface con 0
       user privilege level 3
   user-interface vty 0 4
       authentication-mode aaa
       user privilege level 0
# return