• 全部
  • 经验案例
  • 典型配置
  • 技术公告
  • FAQ
  • 漏洞说明
  • 全部
  • 全部
  • 大数据引擎
  • 知了引擎
产品线
搜索
取消
案例类型
发布者
是否解决
是否官方
时间
搜索引擎
匹配模式
高级搜索

终端设备ping不通防火墙

2024-03-20提问
  • 0关注
  • 0收藏,604浏览
粉丝:0人 关注:11人

问题描述:

终端设备直连防火墙ping不通防火墙的端口,防火墙ping终端能通,初步排错ping功能关闭,找到不到对应的命令。

组网及组网描述:

型号(H3C SecPath F1000-C8120)   System image version: 7.1.064, Release 9524P41   防火墙1/0/3口配的192.168.10.254/24,终端连接3口配置192.168.10.210/24

2 个回答
粉丝:237人 关注:8人

安全策略放通一下就可以

跟授权没关系

zhiliao_sEUyB 发表时间:2024-03-20 更多>>

安全策略是any到any全放通的

zhiliao_Mx4jOf 发表时间:2024-03-20

接口加到安全域了吗

zhiliao_sEUyB 发表时间:2024-03-20

这个终端是服务器 我连接的3口划分为DMZ区域了

zhiliao_Mx4jOf 发表时间:2024-03-20

配置上来看下吧

zhiliao_sEUyB 发表时间:2024-03-20

在服务器ping防火墙的3口的地址不通 服务器换成笔记本也不通 我记得华为是要开ping功能才可以ping通防火墙接口的,华三防火墙找不到那个功能,安全区域也全部放行了

zhiliao_Mx4jOf 发表时间:2024-03-20

[H3C]display current-configuration # version 7.1.064, Release 9524P41 # sysname H3C # context Admin id 1 # telnet server enable # irf mac-address persistent timer irf auto-update enable undo irf link-delay irf member 1 priority 1 # dns server 114.114.114.114 dns server 8.8.8.8 # password-recovery enable # vlan 1 # controller Cellular1/0/0 # interface NULL0 # interface GigabitEthernet1/0/0 port link-mode route combo enable copper ip address 192.168.0.1 255.255.255.0 # interface GigabitEthernet1/0/1 port link-mode route combo enable fiber # interface GigabitEthernet1/0/2 port link-mode route ip address 192.168.1.1 255.255.255.0 # interface GigabitEthernet1/0/3 port link-mode route ip address 192.168.10.254 255.255.255.0 gateway 192.168.10.254 # interface GigabitEthernet1/0/4 port link-mode route # interface GigabitEthernet1/0/5 port link-mode route # interface GigabitEthernet1/0/6 port link-mode route # interface GigabitEthernet1/0/7 port link-mode route # interface GigabitEthernet1/0/8 port link-mode route # interface GigabitEthernet1/0/9 port link-mode route # interface GigabitEthernet1/0/10 port link-mode route # interface GigabitEthernet1/0/11 port link-mode route # security-zone name Local # security-zone name Trust # security-zone name DMZ import interface GigabitEthernet1/0/3 # security-zone name Untrust import interface GigabitEthernet1/0/4 import interface GigabitEthernet1/0/5 import interface GigabitEthernet1/0/6 # security-zone name Management import interface GigabitEthernet1/0/0 import interface GigabitEthernet1/0/2 # scheduler logfile size 16 # line class aux user-role network-operator # line class console authentication-mode scheme user-role network-admin # line class usb user-role network-admin # line class vty user-role network-operator # line aux 0 user-role network-admin # line con 0 user-role network-admin # line vty 0 63 authentication-mode scheme user-role network-admin # info-center source FILTER logfile deny # ssh server enable # domain system # domain default enable system # role name level-0 description Predefined level-0 role # role name level-1 description Predefined level-1 role # role name level-2 description Predefined level-2 role # role name level-3 description Predefined level-3 role # role name level-4 description Predefined level-4 role # role name level-5 description Predefined level-5 role # role name level-6 description Predefined level-6 role # role name level-7 description Predefined level-7 role # role name level-8 description Predefined level-8 role # role name level-9 description Predefined level-9 role # role name level-10 description Predefined level-10 role # role name level-11 description Predefined level-11 role # role name level-12 description Predefined level-12 role # role name level-13 description Predefined level-13 role # role name level-14 description Predefined level-14 role # user-group system # local-user admin class manage password hash $h$6$ba4TPAJe6NhWOi06$d8cWGyz0SOgyoiw+RD871tHET/JnX53prUYUUWNRcrEuoZ89q9kw7XP3ZRjBBQVJQJHP/B26dhWLe1sHMVHOwA== service-type ssh telnet terminal https authorization-attribute user-role level-3 authorization-attribute user-role network-admin authorization-attribute user-role network-operator # session synchronization enable session synchronization http # ipsec logging negotiation enable # app-group 1 description "User-defined application group" include application 116114 include application 11Platform include application 12530WAPMenHu include application 12580 include application 126WebEmail include application 139Email include application 163Email include application 17173 include application 178Game include application 19Lou include application 1HaoYaoDian include application 2345DaoHang include application 360News include application 360Weather include application 365DiChanJiaJu include application 36Kr include application 4399 include application 51Com include application 52PK include application 56Video include application 58TongCheng include application 7DaysHotel include application 7k7k include application 91Assistant include application 91Game include application afs3-kaserver include application AiBangGongJiao include application AiKaQiChe include application AndroidMarket include application AnHeiXiYouJi include application AnJuKe include application AnQuanGuanJia include application AnYiFinance include application AnZhiMarket include application aol include application appleqtc include application ArclivePlatform include application BaiChengQiuZhiBao include application BaiDuMap include application BaiduSearch include application BaiduShuRuFa include application BaiduSite include application BaiduTieBa include application BaiduWenKu include application BaiduZhiDao include application BaoBaoShu include application BeiBeiNet include application bgp include application Bilibili include application BinZhiWang include application BitTorrent include application bittorrentprotocol include application bootpc include application bootps include application CCTVNews include application chargen include application CheZhuWuYou include application ChiBiZhiZhan include application ChinaEconomics include application ChinaGameCenter include application ChinaRenXiaoYouLu include application ChongLangKuaiXun include application citrixadmin include application citrixima include application citriximaclient include application clearcase include application cma include application CNFOL include application Compass include application corba-iiop include application corba-iiop-ssl include application corbaloc include application CrossFire include application CSOL include application CTCCMusicMenHu include application Ctrip include application cuseeme include application DaHuaXiYou2 include application DaHuaXiYou3 include application DaMai include application DangDang include application daytime include application dbase include application DCCP include application dhcpv6-client include application dhcpv6-server include application dicom include application dicom-iscl include application dicom-tls include application DNF include application dns include application dns-llq include application doom include application DouBan include application DouBanGroup include application DouZhanShen include application Eastmoney include application echo include application edm-adm-notify include application edm-manager include application edm-mgr-cntrl include application edm-mgr-sync include application edm-stager include application edm-std-notify include application ELongTrip include application FaceToFace include application FanRenXiuZhen include application FengHuangWang include application finger include application fix include application ftp include application ftp-data include application ftps include application ftps-data include application g-talk include application GameDog include application GaoDeMap include application GaoDeNavigation include application general_tcp include application general_udp include application GFSecurities include application GGBook include application gnutella-rtr include application gnutella-svc include application GomeOnline include application GoogleDesktop include application gopher include application gprs-data include application gprs-sig include application GreatWisdom include application gtp-control include application gtp-user include application Gu360 include application h225 include application h245 include application h263-video include application h323callsigalt include application h323gatedisc include application h323hostcallsc include application Hao123 include application HaoFangFighting include application HaoZu include application HearthStone include application HeDongMan include application Hexun include application HeYueDu include application hl7 include application HongXiuTianXiang include application http include application https include application HuaBanWang include application Huxiu include application ibm-db2 include application ica include application icabrowser include application ICMP include application IfengFinance include application IfengNews include application ils include application imap include application imap3 include application imaps include application In include application ipx include application iQiYiPPS include application irc include application irc-serv include application ircs include application isakmp include application isi-gl include application ITHome include application JiangShen include application JiFengMarket include application JingWeiMingPianTong include application JingWuTuan include application JinJiangWenXueCheng include application JuMeiYouPin include application KaiXinWang include application Kaspersky include application kazaa include application kerberos include application kerberos-adm include application kerberos-iv include application kftp include application kftp-data include application KGeDaRen include application klogin include application KongZhongEnglish include application KongZhongShuCheng include application kshell include application ktelnet include application KuaiYanKanShu include application KuXun include application l2tp include application LaMaBang include application ldap include application ldaps include application LeagueofLegends include application Letv include application login include application LookMook include application McAfee include application mdns include application mdnsresponder include application MeiLeFM include application MeiTuan include application mgcp-callagent include application mgcp-gateway include application MiaoPai include application MiChat include application microsoft-ds include application MiGuMusic include application MiniXiYou include application MiZhe include application mmcc include application mms include application MoMo include application MopBBS include application ms-sql-m include application ms-sql-s include application msn-messenger include application msrpc include application NavigationDog include application NeiHanDuanZi include application netbios-dgm include application netbios-ns include application netbios-ssn include application NeteaseMoney include application NetEaseNobleMetal include application NetEaseVideo include application NetEaseWeiBo include application netmeeting include application newsprotocol include application nfs include application nicname include application nmap include application nntp include application nntps include application NoteNearMe include application notes include application NoteYoudao include application npp include application ntp include application oicq include application OnlineDown include application ORACLE_PROTOCOL include application orasrv include application ott include application OurGame include application PaPa include application pcanywheredata include application pcanywherestat include application PengYouWang include application PeopleDailyOverseasEdition include application pop3 include application pop3s include application Popkart include application pptp include application PPTV include application presence include application printer include application QianChengWuYou include application QiDianShouJiYueDu include application QieKe include application QQ include application QQFarm include application QQGame include application QQMail include application QQMaJiang include application QQMusic include application QQNews include application QQParkingSpace include application QQPlatform include application QQRanch include application QQSanGuo include application QQSecurityCenter include application QQSpeed include application QQUpdate include application QQX5 include application QQYinSu include application QQZiYouHuanXiang include application QuanMinChuangTianXia include application QuanMinXiYou include application QuNaR include application QuYeBa include application radius include application radius-acct include application radius-dynauth include application ras include application RayLiBBS include application rcp include application rdp include application RenMaiTong include application RenMinWang include application ReXueJiangHu include application rfb include application rip include application rsh include application rsvp-encap-1 include application rsvp-encap-2 include application rsvp-tunnel include application rsync include application rtcp include application rtelnet include application rtmp include application rtp include application rtsp include application SanGuoSha include application sccp include application SCTP include application sdp include application ShenZhiHaoJie include application ShiJieOL include application ShiJiJiaYuan include application ShouJiYiLiao include application SinaForum include application SinaMail include application SinaNews include application SinaVideo include application SinaWeiBo include application sip include application smtp include application snmp include application snmptrap include application socks include application SoHuBaoBao include application SoHuMail include application SoHuVideo include application SoHuWeiBo include application SouFangWang include application SouGouMusic include application SouhuBusiness include application SouhuNews include application SouHuWang include application sqlexec include application sqlexec-ssl include application sqlnet include application ssdp include application ssh include application stun include application stuns include application SuNingYiGou include application SuningYueDu include application sunrpc include application SuperRunning include application svn include application syslog include application systat include application T3 include application tacacs include application tacacs-ds include application TaoBao include application TaoShiJie include application TeamSpeak include application telnet include application telnets include application TencentVideo include application TencentWeiBo include application TengXunWang include application tftp include application tftp-data include application Thunder include application TianTianFuWeng include application TianXia3 include application TianYaBBS include application TianYaRiBao include application TianYiYun include application TieXueBBS include application time include application timed include application TongChengLianAi include application TongChengYou include application TongDaXin include application TongHuaShun include application TouZiTang include application TrainNetwork include application TravelGuide include application Trillian include application Tuan800 include application TuDou include application TuLongZhiRen include application TuNiuTrip include application tunnel include application TuShuBiJi include application Vancl include application VMALL include application VSPlatform include application WanDouJia include application WangYiWang include application WeChat include application Weebia include application WeLove include application WeSee include application who include application whoispp include application WindInformation include application WuMi include application xdmcp include application XiaMi include application XianGuoYueDu include application XiaoXiangShuYuan include application XinLangWang include application XunLeiKanKan include application xwindows include application YinYueTai include application YouKu include application YouXiaWang include application ZhanJianDiGuo include application ZhenAiWang include application ZhihuDaily include application ZhongZhengWang include application ZuoYeBang # ike logging negotiation enable # ip https enable # security-policy ip rule 0 name local-to-any action pass counting enable source-zone local # cloud-management server domain ops.seccloud.h3c.com # return

zhiliao_Mx4jOf 发表时间:2024-03-20

私信你了

zhiliao_Mx4jOf 发表时间:2024-03-20

太乱了,安全域放通就不需要单独开ping了

zhiliao_sEUyB 发表时间:2024-03-20

在下面回答上配置吧

zhiliao_sEUyB 发表时间:2024-03-20

那很奇怪 那是为啥ping不通呢 还是说只能用mgmt口去管理不能用网口去管理

zhiliao_Mx4jOf 发表时间:2024-03-20

可以其他口管理

zhiliao_sEUyB 发表时间:2024-03-20
回复zhiliao_sEUyB:

那就纳闷了 搞成单向访问了 我安全策略就是自带的一个默认的any到any 难道还要再加个么

zhiliao_Mx4jOf 发表时间:2024-03-20
回复zhiliao_sEUyB:

跟授权有关系么

zhiliao_Mx4jOf 发表时间:2024-03-20

跟授权没关系

zhiliao_sEUyB 发表时间:2024-03-20
粉丝:57人 关注:2人

在接口下,如果没有这个命令,就得通过安全策略去放通

interface GigabitEthernet1/0/3

manage ping inbound
manage ping outbound


rule 300 name Trust-Local
action pass
logging enable
source-zone Trust

source-zone UnTrust
destination-zone Local

看防火墙收到包没有

zhiliao_h907dg 发表时间:2024-03-20 更多>>

我的安全区域是全放通的 默认就是 没有做更改

zhiliao_Mx4jOf 发表时间:2024-03-20

debug ip icmp 看一下吧

zhiliao_h907dg 发表时间:2024-03-20

看防火墙收到包没有

zhiliao_h907dg 发表时间:2024-03-20

编辑答案

你正在编辑答案

如果你要对问题或其他回答进行点评或询问,请使用评论功能。

分享扩散:

提出建议

    +

亲~登录后才可以操作哦!

确定

亲~检测到您登陆的账号未在http://hclhub.h3c.com进行注册

注册后可访问此模块

跳转hclhub

你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作

举报

×

侵犯我的权益 >
对根叔社区有害的内容 >
辱骂、歧视、挑衅等(不友善)

侵犯我的权益

×

泄露了我的隐私 >
侵犯了我企业的权益 >
抄袭了我的内容 >
诽谤我 >
辱骂、歧视、挑衅等(不友善)
骚扰我

泄露了我的隐私

×

您好,当您发现根叔知了上有泄漏您隐私的内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到pub.zhiliao@h3c.com 邮箱,我们会尽快处理。
  • 1. 您认为哪些内容泄露了您的隐私?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)

侵犯了我企业的权益

×

您好,当您发现根叔知了上有关于您企业的造谣与诽谤、商业侵权等内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到 pub.zhiliao@h3c.com 邮箱,我们会在审核后尽快给您答复。
  • 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
  • 3. 是哪家企业?(营业执照,单位登记证明等证件)
  • 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
我们认为知名企业应该坦然接受公众讨论,对于答案中不准确的部分,我们欢迎您以正式或非正式身份在根叔知了上进行澄清。

抄袭了我的内容

×

原文链接或出处

诽谤我

×

您好,当您发现根叔知了上有诽谤您的内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到pub.zhiliao@h3c.com 邮箱,我们会尽快处理。
  • 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
我们认为知名企业应该坦然接受公众讨论,对于答案中不准确的部分,我们欢迎您以正式或非正式身份在根叔知了上进行澄清。

对根叔社区有害的内容

×

垃圾广告信息
色情、暴力、血腥等违反法律法规的内容
政治敏感
不规范转载 >
辱骂、歧视、挑衅等(不友善)
骚扰我
诱导投票

不规范转载

×

举报说明