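Lab requirements: 1. Using a USG6000 firewall, set the priority of the OM zone to 95 and make the OM zone able to ping the untrust zone.
2. Enable web management so that the host PC can ping the firewall and configure it through the web interface.

The firewall configuration is as follows: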
#
interface GigabitEthernet0/0/0
 undo shutdown
 ip binding vpn-instance default
 ip address 192.168.153.10 255.255.255.0
 alias GE0/METH
 service-manage http permit
 service-manage https permit
 service-manage ping permit
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 3.3.3.1 255.255.255.0
#
interface GigabitEthernet1/0/1
 undo shutdown
 ip address 2.2.2.1 255.255.255.0
#
interface GigabitEthernet1/0/2
 undo shutdown
 ip address 1.1.1.1 255.255.255.0
#
firewall zone local
 set priority 100
#
firewall zone trust
 set priority 85
 add interface GigabitEthernet0/0/0
 add interface GigabitEthernet1/0/2
#
firewall zone untrust
 set priority 5
 add interface GigabitEthernet1/0/0
#
firewall zone dmz
 set priority 50
#
firewall zone name OM id 4
 set priority 95
 add interface GigabitEthernet1/0/1
#
security-policy
 default action permit
 rule name OM-un
  source-zone OM
  destination-zone untrust
  source-address 2.2.2.0 0.0.0.255
  destination-address 3.3.3.0 0.0.0.255
  service icmp
  action permit
#
The Cloud device configuration is as follows:

The web management interface is shown below:

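Summary: 1. The USG6000 firewall requires importing the image file vfw_usg.vdi.
2. The default account and password of the USG6000 firewall are admin/Admin@123.
3. The network adapter bound to the Cloud device's interface may cause high CPU usage; if that happens, bind a different adapter.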
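
As an added example (not part of the original post), the Python script below audits a text dump of the firewall configuration above: it reports the interface and zone where cleartext HTTP management is enabled, and shows that with "default action permit" in place the rule OM-un restricts nothing. The function names sections and audit are hypothetical, and the embedded sample is an excerpt of the lab configuration with indentation added.

```python
import re

# CONFIG: excerpt of the lab configuration on this page (sample input).
CONFIG = """\
interface GigabitEthernet0/0/0
 service-manage http permit
#
firewall zone trust
 add interface GigabitEthernet0/0/0
#
firewall zone name OM id 4
 add interface GigabitEthernet1/0/1
#
security-policy
 default action permit
 rule name OM-un
  source-zone OM
  action permit
"""

def sections(text):
    """Split the dump on '#' separator lines into lists of stripped commands."""
    parts = re.split(r"(?m)^#\s*$", text)
    blocks = [[l.strip() for l in p.splitlines() if l.strip()] for p in parts]
    return [b for b in blocks if b]

def audit(text):
    """Flag cleartext HTTP management and a permit-by-default security policy."""
    blocks, zone_of, findings = sections(text), {}, []
    for b in blocks:  # first pass: map each interface to its security zone
        w = b[0].split()
        if w[:2] == ["firewall", "zone"]:
            zone = w[w.index("name") + 1] if "name" in w else w[2]
            zone_of.update({c.split()[2]: zone for c in b if c.startswith("add interface ")})
    for b in blocks:
        if b[0].startswith("interface ") and "service-manage http permit" in b:
            ifc = b[0].split()[1]
            findings.append(f"{ifc} (zone {zone_of.get(ifc, 'none')}): cleartext HTTP management enabled")
        if b[0] == "security-policy" and "default action permit" in b:
            findings.append("security-policy: default action permit passes all unmatched traffic")
            rule = None
            for c in b:
                if c.startswith("rule name "):
                    rule = c.split()[2]
                elif c == "action permit" and rule:
                    findings.append(f"rule {rule}: explicit permit adds no restriction under default permit")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(CONFIG)))
```

With the default action set to deny and the HTTP management line removed, the same dump produces no findings, and rule OM-un becomes the only path for the OM-to-untrust ping.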