19813,SecPath F100-S-G 防火墙端口映射
1676357993,
sysname FIRWALLF1
#
super password level 3 simple 123456
#
firewall packet-filter enable
firewall packet-filter default permit
#
firewall statistic system enable
#
pki entity svpndefent
common-name svpn-gw
organization-unit security
organization h3c
locality beijing
state beijing
country cn
#
pki domain default
crl check disable
#
pki domain svpndefdom
ca identifier svpn
certificate request entity svpndefent
crl check disable
#
radius scheme system
server-type extended
#
domain system
#
local-user admin
password simple 123456
service-type ssh telnet
level 3
local-user jqict
password cipher BC)Q_@WF*X
service-type ssh
level 3
#
acl number 2
rule
rule 1 deny
#
acl number 3
rule
acl number 3
description WCN_ACL_WAN_IN
rule
rule
rule 1 deny tcp destination-port range 81 82
rule 1 comment wcn_BT
rule 2 deny tcp destination-port eq 6969
rule 2 comment wcn_BT
rule 4 deny tcp destination-port eq 271
rule 4 comment wcn_BT
rule 5 deny tcp destination-port range 4661 4662
rule 5 comment wcn_Emule
rule 6 deny udp destination-port eq 6656
rule 6 comment wcn_Emule
rule 7 deny udp destination-port eq 4672
rule 7 comment wcn_Emule
rule 37 deny tcp destination-port eq 445
rule 37 comment wcn_network_virus
rule 38 deny udp destination-port eq 445
rule 38 comment wcn_network_virus
rule 39 deny tcp destination-port eq 135
rule 39 comment wcn_network_virus
rule 4
rule 4
rule 41 deny tcp destination-port range 137 139
rule 41 comment wcn_network_virus
rule 42 deny udp destination-port eq tftp
rule 42 comment wcn_network_virus
rule 43 deny tcp destination-port eq 593
rule 43 comment wcn_network_virus
rule 44 deny tcp destination-port eq 4444
rule 44 comment wcn_network_virus
rule 45 deny tcp destination-port eq 7
rule 45 comment wcn_network_virus
rule 46 deny tcp destination-port eq 5554
rule 46 comment wcn_network_virus
rule 47 deny tcp destination-port eq 9996
rule 47 comment wcn_network_virus
rule 48 deny tcp destination-port range 1433 1434
rule 48 comment wcn_SqlServer_Slammer
rule 49 deny udp destination-port range 1433 1434
rule 49 comment wcn_SqlServer_Slammer
rule 5
rule 5
acl number 3
description WCN_ACL_LAN_IN
rule
rule
rule 1 deny tcp destination-port range 81 82
rule 1 comment wcn_BT
rule 2 deny tcp destination-port eq 6969
rule 2 comment wcn_BT
rule 4 deny tcp destination-port eq 271
rule 4 comment wcn_BT
rule 5 deny tcp destination-port range 4661 4662
rule 5 comment wcn_Emule
rule 6 deny udp destination-port eq 6656
rule 6 comment wcn_Emule
rule 7 deny udp destination-port eq 4672
rule 7 comment wcn_Emule
rule 8 deny ip destination 121.9.211.2
rule 8 comment wcn_Poco
rule 9 deny ip destination 121.9.211.182
rule 9 comment wcn_Poco
rule 1
rule 1
rule 11 deny ip destination 121.9.213.157
rule 11 comment wcn_Poco
rule 12 deny ip destination 121.9.233.71
rule 12 comment wcn_Poco
rule 13 deny ip destination 121.9.211.166
rule 13 comment wcn_Poco
rule 14 deny ip destination 121.9.211.18
rule 14 comment wcn_Poco
rule 15 deny ip destination 121.9.248.56
rule 15 comment wcn_Poco
rule 16 deny ip destination 121.9.248.55
rule 16 comment wcn_Poco
rule 17 deny ip destination 121.9.248.18
rule 17 comment wcn_Poco
rule 18 deny ip destination 221.11.114.227
rule 18 comment wcn_Poco
rule 19 deny ip destination
rule 19 comment wcn_Poco
rule 2
rule 2
rule 21 deny ip destination 59.39.59.8
rule 21 comment wcn_Poco
rule 22 deny ip destination 59.39.59.12
rule 22 comment wcn_Poco
rule 23 deny ip destination 58.83.13
rule 23 comment wcn_Poco
rule 24 deny ip destination 58.211.84.138
rule 24 comment wcn_Poco
rule 25 deny ip destination 121.9.248.57
rule 25 comment wcn_Poco
rule 26 deny ip destination 211.98.11
rule 26 comment wcn_Poco
rule 27 deny ip destination 61.153.183.37
rule 27 comment wcn_Poco
rule 28 deny ip destination 61.153.183.38
rule 28 comment wcn_Poco
rule 29 deny ip destination 61.236.145.2
rule 29 comment wcn_Poco
rule 3
rule 3
rule 31 deny ip destination 8.12.197.125
rule 31 comment wcn_Poco
rule 32 deny ip destination 2
rule 32 comment wcn_Poco
rule 33 deny ip destination 2
rule 33 comment wcn_Poco
rule 34 deny ip destination 2
rule 34 comment wcn_Poco
rule 35 deny ip destination 116.28.65.253
rule 35 comment wcn_Poco
rule 36 deny ip destination 2
rule 36 comment wcn_Poco
rule 37 deny tcp destination-port eq 445
rule 37 comment wcn_network_virus
rule 38 deny udp destination-port eq 445
rule 38 comment wcn_network_virus
rule 39 deny tcp destination-port eq 135
rule 39 comment wcn_network_virus
rule 4
rule 4
rule 41 deny tcp destination-port range 137 139
rule 41 comment wcn_network_virus
rule 42 deny udp destination-port eq tftp
rule 42 comment wcn_network_virus
rule 43 deny tcp destination-port eq 593
rule 43 comment wcn_network_virus
rule 44 deny tcp destination-port eq 4444
rule 44 comment wcn_network_virus
rule 45 deny tcp destination-port eq 7
rule 45 comment wcn_network_virus
rule 46 deny tcp destination-port eq 5554
rule 46 comment wcn_network_virus
rule 47 deny tcp destination-port eq 9996
rule 47 comment wcn_network_virus
rule 5
rule 5
acl number 3
rule
#
interface Aux
async mode flow
#
interface Ethernet
description WCN_INTERFACE_WAN
ip address 58.18.89.2
firewall packet-filter 3
nat outbound 2
nat server protocol tcp global 58.18.89.2
#
interface Ethernet
description WCN_INTERFACE_LAN
ip address 192.168.1
firewall packet-filter 3
#
interface Ethernet
ip address 192.168.1
#
interface NULL
#
firewall zone local
set priority 1
#
firewall zone trust
add interface Ethernet
set priority 85
#
firewall zone untrust
add interface Ethernet
set priority 5
#
firewall zone DMZ
set priority 5
#
firewall interzone local trust
#
firewall interzone local untrust
#
firewall interzone local DMZ
#
firewall interzone trust untrust
#
firewall interzone trust DMZ
#
firewall interzone DMZ untrust
#
ip route-static
ip route-static 192.168.
#
ssh authentication-type default password
#
firewall defend ip-spoofing
firewall defend land
firewall defend smurf
firewall defend fraggle
firewall defend winnuke
firewall defend icmp-redirect
firewall defend icmp-unreachable
firewall defend source-route
firewall defend route-record
firewall defend tracert
firewall defend ping-of-death
firewall defend tcp-flag
firewall defend ip-fragment
firewall defend large-icmp
firewall defend teardrop
firewall defend ip-sweep
firewall defend port-scan
firewall defend arp-spoofing
firewall defend arp-flood
firewall defend frag-flood
firewall defend syn-flood enable
firewall defend udp-flood enable
firewall defend icmp-flood enable
#
user-interface con
set authentication password cipher Y:O.H18#&N2.D:=;`8<.WA!!
user-interface aux
user-interface vty
authentication-mode scheme
user privilege level 3
set authentication password simple 123456
#
return
[FIRWALLF1
[FIRWALLF1
2
我想映射我的3389端口,映射完但是不通,请指教。下面是我的防火墙配置。
组网及组网描述:
#
sysname FIRWALLF1
#
super password level 3 simple 123456
#
firewall packet-filter enable
firewall packet-filter default permit
#
firewall statistic system enable
#
pki entity svpndefent
common-name svpn-gw
organization-unit security
organization h3c
locality beijing
state beijing
country cn
#
pki domain default
crl check disable
#
pki domain svpndefdom
ca identifier svpn
certificate request entity svpndefent
crl check disable
#
radius scheme system
server-type extended
#
domain system
#
local-user admin
password simple 123456
service-type ssh telnet
level 3
local-user jqict
password cipher BC)Q_@WF*X
service-type ssh
level 3
#
acl number 2
rule
rule 1 deny
#
acl number 3
rule
acl number 3
description WCN_ACL_WAN_IN
rule
rule
rule 1 deny tcp destination-port range 81 82
rule 1 comment wcn_BT
rule 2 deny tcp destination-port eq 6969
rule 2 comment wcn_BT
rule 4 deny tcp destination-port eq 271
rule 4 comment wcn_BT
rule 5 deny tcp destination-port range 4661 4662
rule 5 comment wcn_Emule
rule 6 deny udp destination-port eq 6656
rule 6 comment wcn_Emule
rule 7 deny udp destination-port eq 4672
rule 7 comment wcn_Emule
rule 37 deny tcp destination-port eq 445
rule 37 comment wcn_network_virus
rule 38 deny udp destination-port eq 445
rule 38 comment wcn_network_virus
rule 39 deny tcp destination-port eq 135
rule 39 comment wcn_network_virus
rule 4
rule 4
rule 41 deny tcp destination-port range 137 139
rule 41 comment wcn_network_virus
rule 42 deny udp destination-port eq tftp
rule 42 comment wcn_network_virus
rule 43 deny tcp destination-port eq 593
rule 43 comment wcn_network_virus
rule 44 deny tcp destination-port eq 4444
rule 44 comment wcn_network_virus
rule 45 deny tcp destination-port eq 7
rule 45 comment wcn_network_virus
rule 46 deny tcp destination-port eq 5554
rule 46 comment wcn_network_virus
rule 47 deny tcp destination-port eq 9996
rule 47 comment wcn_network_virus
rule 48 deny tcp destination-port range 1433 1434
rule 48 comment wcn_SqlServer_Slammer
rule 49 deny udp destination-port range 1433 1434
rule 49 comment wcn_SqlServer_Slammer
rule 5
rule 5
acl number 3
description WCN_ACL_LAN_IN
rule
rule
rule 1 deny tcp destination-port range 81 82
rule 1 comment wcn_BT
rule 2 deny tcp destination-port eq 6969
rule 2 comment wcn_BT
rule 4 deny tcp destination-port eq 271
rule 4 comment wcn_BT
rule 5 deny tcp destination-port range 4661 4662
rule 5 comment wcn_Emule
rule 6 deny udp destination-port eq 6656
rule 6 comment wcn_Emule
rule 7 deny udp destination-port eq 4672
rule 7 comment wcn_Emule
rule 8 deny ip destination 121.9.211.2
rule 8 comment wcn_Poco
rule 9 deny ip destination 121.9.211.182
rule 9 comment wcn_Poco
rule 1
rule 1
rule 11 deny ip destination 121.9.213.157
rule 11 comment wcn_Poco
rule 12 deny ip destination 121.9.233.71
rule 12 comment wcn_Poco
rule 13 deny ip destination 121.9.211.166
rule 13 comment wcn_Poco
rule 14 deny ip destination 121.9.211.18
rule 14 comment wcn_Poco
rule 15 deny ip destination 121.9.248.56
rule 15 comment wcn_Poco
rule 16 deny ip destination 121.9.248.55
rule 16 comment wcn_Poco
rule 17 deny ip destination 121.9.248.18
rule 17 comment wcn_Poco
rule 18 deny ip destination 221.11.114.227
rule 18 comment wcn_Poco
rule 19 deny ip destination
rule 19 comment wcn_Poco
rule 2
rule 2
rule 21 deny ip destination 59.39.59.8
rule 21 comment wcn_Poco
rule 22 deny ip destination 59.39.59.12
rule 22 comment wcn_Poco
rule 23 deny ip destination 58.83.13
rule 23 comment wcn_Poco
rule 24 deny ip destination 58.211.84.138
rule 24 comment wcn_Poco
rule 25 deny ip destination 121.9.248.57
rule 25 comment wcn_Poco
rule 26 deny ip destination 211.98.11
rule 26 comment wcn_Poco
rule 27 deny ip destination 61.153.183.37
rule 27 comment wcn_Poco
rule 28 deny ip destination 61.153.183.38
rule 28 comment wcn_Poco
rule 29 deny ip destination 61.236.145.2
rule 29 comment wcn_Poco
rule 3
rule 3
rule 31 deny ip destination 8.12.197.125
rule 31 comment wcn_Poco
rule 32 deny ip destination 2
rule 32 comment wcn_Poco
rule 33 deny ip destination 2
rule 33 comment wcn_Poco
rule 34 deny ip destination 2
rule 34 comment wcn_Poco
rule 35 deny ip destination 116.28.65.253
rule 35 comment wcn_Poco
rule 36 deny ip destination 2
rule 36 comment wcn_Poco
rule 37 deny tcp destination-port eq 445
rule 37 comment wcn_network_virus
rule 38 deny udp destination-port eq 445
rule 38 comment wcn_network_virus
rule 39 deny tcp destination-port eq 135
rule 39 comment wcn_network_virus
rule 4
rule 4
rule 41 deny tcp destination-port range 137 139
rule 41 comment wcn_network_virus
rule 42 deny udp destination-port eq tftp
rule 42 comment wcn_network_virus
rule 43 deny tcp destination-port eq 593
rule 43 comment wcn_network_virus
rule 44 deny tcp destination-port eq 4444
rule 44 comment wcn_network_virus
rule 45 deny tcp destination-port eq 7
rule 45 comment wcn_network_virus
rule 46 deny tcp destination-port eq 5554
rule 46 comment wcn_network_virus
rule 47 deny tcp destination-port eq 9996
rule 47 comment wcn_network_virus
rule 5
rule 5
acl number 3
rule
#
interface Aux
async mode flow
#
interface Ethernet
description WCN_INTERFACE_WAN
ip address 58.18.89.2
firewall packet-filter 3
nat outbound 2
nat server protocol tcp global 58.18.89.2
#
interface Ethernet
description WCN_INTERFACE_LAN
ip address 192.168.1
firewall packet-filter 3
#
interface Ethernet
ip address 192.168.1
#
interface NULL
#
firewall zone local
set priority 1
#
firewall zone trust
add interface Ethernet
set priority 85
#
firewall zone untrust
add interface Ethernet
set priority 5
#
firewall zone DMZ
set priority 5
#
firewall interzone local trust
#
firewall interzone local untrust
#
firewall interzone local DMZ
#
firewall interzone trust untrust
#
firewall interzone trust DMZ
#
firewall interzone DMZ untrust
#
ip route-static
ip route-static 192.168.
#
ssh authentication-type default password
#
firewall defend ip-spoofing
firewall defend land
firewall defend smurf
firewall defend fraggle
firewall defend winnuke
firewall defend icmp-redirect
firewall defend icmp-unreachable
firewall defend source-route
firewall defend route-record
firewall defend tracert
firewall defend ping-of-death
firewall defend tcp-flag
firewall defend ip-fragment
firewall defend large-icmp
firewall defend teardrop
firewall defend ip-sweep
firewall defend port-scan
firewall defend arp-spoofing
firewall defend arp-flood
firewall defend frag-flood
firewall defend syn-flood enable
firewall defend udp-flood enable
firewall defend icmp-flood enable
#
user-interface con
set authentication password cipher Y:O.H18#&N2.D:=;`8<.WA!!
user-interface aux
user-interface vty
authentication-mode scheme
user privilege level 3
set authentication password simple 123456
#
return
[FIRWALLF1
[FIRWALLF1
2
检查一下域间策略
怎么弄?
19813 发表时间:2CRM论坛(CRMbbs.com)——一个让用户更懂CRM的垂直性行业内容平台,CRM论坛致力于互联网、客户管理、销售管理、SCRM私域流量内容输出5年。 如果您有好的内容,欢迎向我们投稿,共建CRM多元化生态体系,创建CRM客户管理一体化生态解决方案。,SecPath F100-S-G 防火墙端口映射
