收藏小站
华为防火墙配置使用手册(自己写) 下载本文

移动策略的优先级:域间或者域内视图下。

policy move policy-id1 { before | after } policy-id2命令用来移动策略优先级,比如policy move 2 before 4 ,before就是指将policy-id1的优先级调整到policy-id2之前,after指的是将policy-id1的优先级调整到policy-id2之后。

firewall statistic system enable //开启报文的统计功能,缺省情况下,系统级的流量统计和监

控功能开启。 Web管理端口配置 web-manager enable

web-manager enable port 8099

web-manager security enable //开启https管理功能 web-manager security enable port 8443 undo web-manager config-guide enable

telnet server enable //开启telnet配置功能 防火墙“安全防护”里的配置。

firewall defend action alert

firewall defend udp-short-header enable firewall defend port-scan enable firewall defend ip-sweep enable firewall defend teardrop enable firewall defend ip-fragment enable firewall defend tcp-flag enable firewall defend winnuke enable firewall defend fraggle enable firewall defend ping-of-death enable firewall defend udp-flood enable

firewall defend smurf enable firewall defend land enable

firewall defend arp-flood enable firewall defend arp-spoofing enable

firewall defend udp-flood base-session max-rate 20000 firewall defend icmp-flood base-session max-rate 255 firewall source-ip detect interface GigabitEthernet0/0/5 firewall source-ip detect interface GigabitEthernet0/0/6

firewall defend icmp-flood interface GigabitEthernet0/0/5 max-rate 200000 firewall defend icmp-flood interface GigabitEthernet0/0/6 max-rate 200000 firewall defend arp-flood interface GigabitEthernet0/0/1 max-rate 50000

自己写的脚本:

ip service-set Tomcat type object

service 0 protocol tcp destination-port 8181 ip service-set Tomcat2 type object

service 0 protocol tcp destination-port 8181 service 1 protocol tcp destination-port 8282 ip service-set Tomcat3 type object

service 0 protocol tcp destination-port 8181 service 1 protocol tcp destination-port 8585 service 2 protocol tcp destination-port 8787

policy interzone untrust trust inbound policy 0 action permit

policy service service-set icmp policy service service-set Tomcat

policy source 192.168.200.0 mask 255.255.255.0 policy destination 172.16.4.66 0 policy destination 172.16.4.67 0 policy destination 172.16.4.123 0 policy 1 action permit

policy service service-set ftp policy service service-set icmp

policy source 192.168.200.0 mask 255.255.255.0 policy destination 172.16.4.71 0

policy 2 action permit

policy service service-set icmp

policy service service-set Tomcat2

policy source 192.168.200.0 mask 255.255.255.0 policy destination 172.16.4.72 0

policy 3 action permit

policy service service-set icmp policy service service-set Tomcat3

policy source 192.168.200.0 mask 255.255.255.0 policy destination 172.16.4.119 0

firewall defend arp-flood enable //开启arp泛洪功能

Word文档下载:华为防火墙配置使用手册(自己写).doc
搜索更多:华为防火墙配置使用手册(自己写)


最新浏览


热门浏览
All rights reserved Powered by 南京廖华答案网 
资料来自互联网, 有任何疑问,请联系客服:779662525☒qq.com 苏ICP备20003344号-2