其他分享
首页 > 其他分享> > 【防火墙】网络信息安全试验拓扑的配置【互联互通】

【防火墙】网络信息安全试验拓扑的配置【互联互通】

作者:互联网

一、实验拓扑:

 

  二、网络拓扑互联互通:

路由器、交换机、主机的IP地址配置  略。

交换机LSW1  VLAN的配置如下所示:

[SW1]disp vlan
The total number of vlans is : 3
--------------------------------------------------------------------------------
U: Up;         D: Down;         TG: Tagged;         UT: Untagged;
MP: Vlan-mapping;               ST: Vlan-stacking;
#: ProtocolTransparent-vlan;    *: Management-vlan;
--------------------------------------------------------------------------------

VID  Type    Ports                                                          
--------------------------------------------------------------------------------
1    common  UT:Eth0/0/4(D)     Eth0/0/5(D)     Eth0/0/6(D)     Eth0/0/7(D)     
                Eth0/0/8(D)     Eth0/0/9(D)     Eth0/0/10(D)    Eth0/0/11(D)    
                Eth0/0/12(D)    Eth0/0/13(D)    Eth0/0/14(D)    Eth0/0/15(D)    
                Eth0/0/16(D)    Eth0/0/17(D)    Eth0/0/18(D)    Eth0/0/19(D)    
                Eth0/0/20(D)    Eth0/0/21(D)    Eth0/0/22(D)    GE0/0/1(D)      
                GE0/0/2(D)                                                      

10   common  UT:Eth0/0/1(U)                                                     

20   common  UT:Eth0/0/2(U)     Eth0/0/3(U)

交换机LSW1的路由配置:ip route-static 0.0.0.0 0.0.0.0 Vlanif10 11.0.0.10

交换机LSW1的路由表:

[SW1]disp ip rout
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 7        Routes : 7        

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

        0.0.0.0/0   Static  60   0           D   11.0.0.10       Vlanif10
       10.1.1.0/24  Direct  0    0           D   10.1.1.1        Vlanif20
       10.1.1.1/32  Direct  0    0           D   127.0.0.1       Vlanif20
       11.0.0.0/24  Direct  0    0           D   11.0.0.1        Vlanif10
       11.0.0.1/32  Direct  0    0           D   127.0.0.1       Vlanif10
路由器AR1的路由配置:ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 202.0.0.10

防火墙FW1的接口配置:

[FW1]disp ip int bri
2020-06-18 12:55:44.820
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
(d): Dampening Suppressed
(E): E-Trunk down
The number of interface that is UP in Physical is 6
The number of interface that is DOWN in Physical is 4
The number of interface that is UP in Protocol is 6
The number of interface that is DOWN in Protocol is 4

Interface                         IP Address/Mask      Physical   Protocol  
GigabitEthernet0/0/0              172.16.0.10/24       up         up        
GigabitEthernet1/0/0              202.0.0.10/24        up         up        
GigabitEthernet1/0/1              11.0.0.10/24         up         up        
GigabitEthernet1/0/2              12.0.0.10/24         up         up 

防火墙相应接口添加至区域:

[FW1]disp zone
local
 priority is 100
 interface of the zone is (0):
#
trust
 priority is 85
 interface of the zone is (2):
    GigabitEthernet0/0/0
    GigabitEthernet1/0/1
#
untrust
 priority is 5
 interface of the zone is (1):
    GigabitEthernet1/0/0
#
dmz
 priority is 50
 interface of the zone is (1):
    GigabitEthernet1/0/2
查看防火墙FW1的默认安全策略:

[FW1]disp security-policy rule all
2020-06-18 12:59:14.270  
Total:1
RULE ID  RULE NAME                         STATE      ACTION       HITS        
--------------------------------------------------------------------------------------------
0               default                                  enable         deny           0           
---------------------------------------------------------------------------------------------
开启防火墙FW1的默认策略为action  为  permit,测试防火墙与其他设备的联通性。

[FW1]security-policy
[FW1-policy-security]default action permit
Warning:Setting the default packet filtering to permit poses security risks. You
 are advised to configure the security policy based on the actual data flows. Ar
e you sure you want to continue?[Y/N]y
[FW1-policy-security]

防火墙FW1的路由配置:

ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet1/0/0 202.0.0.1
ip route-static 10.1.1.0 255.255.255.0 GigabitEthernet1/0/1 11.0.0.1
测试防火墙与其他设备的连通性。【略】

 

标签:互联互通,GigabitEthernet1,0.0,信息安全,防火墙,up,interface,FW1,Eth0
来源: https://www.cnblogs.com/gd-hn-mzh/p/13156567.html