• 全部
  • 经验案例
  • 典型配置
  • 技术公告
  • FAQ
  • 全部
  • 全部
产品线
搜索
取消
案例类型
发布者
是否解决
是否官方
时间
高级搜索

防火墙 F100-M-G-AC 故障隔几天就断网,设备重启后正常。

2018-07-12提问
  • 0关注
  • 0收藏,643浏览
粉丝:0人 关注:0人

问题描述:

防火墙已用3年左右,以前没有出现过此类问提,近期没有调整过防火墙配置,目前出现问题,隔几天网络断网,经过排查,发现内网用户无法访问到上级网络,ping本地网关无法PING通,确认为防火墙到路由器无法通信,重启防火墙后,网络恢复正常。

组网及组网描述:

组网方式:局域网各终端链接防火墙,防火墙连接路由器。

防火墙配置如下:<!-- XML CONFIGURATION FILE --> <sslvpn> <diyview> <title-diy-table> <row><index-title>SSL VPN</index-title><welcome-title>Welcome to SSL VPN</welcome-title><service-title>SSL VPN</service-title></row> </title-diy-table> <pic-save-table> <row><service-logo>/svpn/images/h3c.gif</service-logo><service-bg>/svpn/images/top_right_01.jpg</service-bg><index-logo>/svpn/images/h3c.gif</index-logo></row> </pic-save-table> <all-diy-table> <row><enable>0</enable></row> </all-diy-table> </diyview> <resview> <res-ipac-global-table> <row><keepalive>10</keepalive><clireach>0</clireach><onlyvpn>0</onlyvpn><sevdis>0</sevdis></row> </res-ipac-global-table> <res-group-table> <row><id>33890</id><name>autohome</name></row> <row><id>17507</id><name>autostart</name></row> </res-group-table> </resview> <userview> <user-group-table> <row><id>17408</id><name>Guests</name></row> </user-group-table> <user-table> <row><id>2162688</id><name>guest</name><description>Default guest user</description><password-md5>3C943016CF71D795F741F76EED5B63AF</password-md5><public>0</public><public-limit>0</public-limit><status>0</status><period>0-0-0</period><studymac>0</studymac></row> </user-table> </userview> <domainview> <domain-policy-table> <row><enable-sec-policy>0</enable-sec-policy><enable-verify>0</enable-verify><enable-only-client>0</enable-only-client><enable-bind-mac>0</enable-bind-mac><enable-auto-login>0</enable-auto-login><user-out-time>30</user-out-time><dft-auth-method>1</dft-auth-method><cert-sect>0</cert-sect><verify-out-time>120</verify-out-time></row> </domain-policy-table> <cache-policy-table> <row><clear-cache>1</clear-cache><clear-COOKIE>1</clear-COOKIE><clear-client>0</clear-client><clear-config>1</clear-config></row> </cache-policy-table> <dom-loc-auth-table> <row><cerpol>0</cerpol></row> </dom-loc-auth-table> <dom-radius-auth-table> <row><ifstartauth>0</ifstartauth><cerpol>0</cerpol><ifstartcharge>0</ifstartcharge><ifupvirtualaddr>0</ifupvirtualaddr></row> </dom-radius-auth-table> <dom-ldap-auth-table> <row><servport>389</servport><version>3</version><cerpol>0</cerpol><ifstartauth>0</ifstartauth><checkmethod>TEMPLATE</checkmethod></row> </dom-ldap-auth-table> <dom-ad-auth-table> <row><cerpol>0</cerpol><ifstartauth>0</ifstartauth><serverectime>5</serverectime><usrnamestyle>0</usrnamestyle></row> </dom-ad-auth-table> <dom-comb-auth-table> <row><ifstartcombauth>0</ifstartcombauth><cerpol>0</cerpol><ifinputpaswrdagain>0</ifinputpaswrdagain><cerpol_a>0</cerpol_a></row> </dom-comb-auth-table> </domainview> <servermng> <server-mng-table> <row><enable>0</enable><port>443</port></row> </server-mng-table> </servermng> </sslvpn> <nat> <nat> <respond-table> <row><respond-get>0</respond-get></row> </respond-table> </nat> </nat> <flowdetect> <flowdetect> <flowdetect-table> <row><mode>0</mode></row> </flowdetect-table> </flowdetect> </flowdetect> <atkdef> <singlepacket> <singlepacket-table> <row><zoneid>65536</zoneid><autodroppacket>1</autodroppacket><fraggle>1</fraggle><land>1</land><winnuke>1</winnuke><tcpflag>1</tcpflag><icmpunreachable>1</icmpunreachable><icmpredirect>1</icmpredirect><tracert>1</tracert><smurf>1</smurf><sourceroute>1</sourceroute><routerecord>1</routerecord><largeicmp>1</largeicmp><maxpacketlen>4000</maxpacketlen></row> </singlepacket-table> </singlepacket> <synflood> <synflood-option-table> <row><zoneid>65536</zoneid><autodroppacket>1</autodroppacket><sendresetpacket>0</sendresetpacket><addprotectip>0</addprotectip></row> </synflood-option-table> </synflood> <udpflood> <udpflood-option-table> <row><zoneid>65536</zoneid><autodroppacket>1</autodroppacket></row> </udpflood-option-table> </udpflood> <icmpflood> <icmpflood-option-table> <row><zoneid>65536</zoneid><autodroppacket>1</autodroppacket></row> </icmpflood-option-table> </icmpflood> <scan> <scan-table> <row><zoneid>65536</zoneid><scan-enable>1</scan-enable><scan-threshold>4000</scan-threshold><autoaddtoblacklist>1</autoaddtoblacklist><blacklist-lasttime>30</blacklist-lasttime></row> <row><zoneid>65538</zoneid><scan-enable>1</scan-enable><scan-threshold>4000</scan-threshold><autoaddtoblacklist>1</autoaddtoblacklist><blacklist-lasttime>10</blacklist-lasttime></row> </scan-table> </scan> </atkdef> <dhbk> <dhbk> <dhbk-table> <row><function>0</function><type>1</type><status>1</status></row> </dhbk-table> </dhbk> </dhbk> <hosttraffic> <hosttraffic> <basicconfig-table> <row><enable>0</enable><inletime>60</inletime><interval>5</interval><virdevid>1</virdevid></row> <row><enable>0</enable><inletime>60</inletime><interval>5</interval><virdevid>2</virdevid></row> <row><enable>0</enable><inletime>60</inletime><interval>5</interval><virdevid>3</virdevid></row> <row><enable>0</enable><inletime>60</inletime><interval>5</interval><virdevid>4</virdevid></row> <row><enable>0</enable><inletime>60</inletime><interval>5</interval><virdevid>5</virdevid></row> <row><enable>0</enable><inletime>60</inletime><interval>5</interval><virdevid>6</virdevid></row> <row><enable>0</enable><inletime>60</inletime><interval>5</interval><virdevid>7</virdevid></row> <row><enable>0</enable><inletime>60</inletime><interval>5</interval><virdevid>8</virdevid></row> <row><enable>0</enable><inletime>60</inletime><interval>5</interval><virdevid>9</virdevid></row> <row><enable>0</enable><inletime>60</inletime><interval>5</interval><virdevid>10</virdevid></row> <row><enable>0</enable><inletime>60</inletime><interval>5</interval><virdevid>11</virdevid></row> <row><enable>0</enable><inletime>60</inletime><interval>5</interval><virdevid>12</virdevid></row> <row><enable>0</enable><inletime>60</inletime><interval>5</interval><virdevid>13</virdevid></row> <row><enable>0</enable><inletime>60</inletime><interval>5</interval><virdevid>14</virdevid></row> <row><enable>0</enable><inletime>60</inletime><interval>5</interval><virdevid>15</virdevid></row> <row><enable>0</enable><inletime>60</inletime><interval>5</interval><virdevid>16</virdevid></row> <row><enable>0</enable><inletime>60</inletime><interval>5</interval><virdevid>17</virdevid></row> <row><enable>0</enable><inletime>60</inletime><interval>5</interval><virdevid>18</virdevid></row> <row><enable>0</enable><inletime>60</inletime><interval>5</interval><virdevid>19</virdevid></row> <row><enable>0</enable><inletime>60</inletime><interval>5</interval><virdevid>20</virdevid></row> <row><enable>0</enable><inletime>60</inletime><interval>5</interval><virdevid>21</virdevid></row> <row><enable>0</enable><inletime>60</inletime><interval>5</interval><virdevid>22</virdevid></row> <row><enable>0</enable><inletime>60</inletime><interval>5</interval><virdevid>23</virdevid></row> <row><enable>0</enable><inletime>60</inletime><interval>5</interval><virdevid>24</virdevid></row> <row><enable>0</enable><inletime>60</inletime><interval>5</interval><virdevid>25</virdevid></row> <row><enable>0</enable><inletime>60</inletime><interval>5</interval><virdevid>26</virdevid></row> <row><enable>0</enable><inletime>60</inletime><interval>5</interval><virdevid>27</virdevid></row> <row><enable>0</enable><inletime>60</inletime><interval>5</interval><virdevid>28</virdevid></row> <row><enable>0</enable><inletime>60</inletime><interval>5</interval><virdevid>29</virdevid></row> <row><enable>0</enable><inletime>60</inletime><interval>5</interval><virdevid>30</virdevid></row> <row><enable>0</enable><inletime>60</inletime><interval>5</interval><virdevid>31</virdevid></row> <row><enable>0</enable><inletime>60</inletime><interval>5</interval><virdevid>32</virdevid></row> </basicconfig-table> </hosttraffic> </hosttraffic> <sessionlog> <sessionlog> <switch-table> <row><createlog>0</createlog><deletelog>1</deletelog><activelog>0</activelog></row> </switch-table> </sessionlog> </sessionlog> <loadbalance> <lbvdview> <lbvdinfo-table> <row><lbvdid>1</lbvdid><vdmaxvsnum>1024</vdmaxvsnum><vdmaxrsnum>16384</vdmaxrsnum><vdmaxrgnum>1024</vdmaxrgnum></row> </lbvdinfo-table> </lbvdview> <hcview> <hc-table> <row><type>ARP</type><virdevid>1</virdevid><name>arp</name><frequency>5</frequency><timeout>3</timeout><retrytimes>3</retrytimes><hostip>0.0.0.0</hostip><snmpversion>0</snmpversion><sipprotocol>0</sipprotocol><nasip>0.0.0.0</nasip><sysdefine>0</sysdefine><destip>0.0.0.0</destip><destport>0</destport><sipport>0</sipport></row> <row><type>DNS</type><virdevid>1</virdevid><name>dns</name><frequency>5</frequency><timeout>3</timeout><retrytimes>3</retrytimes><hostname>A.ROOT-SERVERS.NET</hostname><hostip>0.0.0.0</hostip><snmpversion>0</snmpversion><sipprotocol>0</sipprotocol><nasip>0.0.0.0</nasip><sysdefine>0</sysdefine><destip>0.0.0.0</destip><destport>0</destport><sipport>0</sipport></row> <row><type>FTP</type><virdevid>1</virdevid><name>ftp</name><frequency>5</frequency><timeout>3</timeout><retrytimes>3</retrytimes><username>admin</username><passwd>$c$3$8b9ZRkOmo4lKkmkV4mtjpS3YELyCyw==</passwd><filename>a.b</filename><hostip>0.0.0.0</hostip><snmpversion>0</snmpversion><sipprotocol>0</sipprotocol><nasip>0.0.0.0</nasip><sysdefine>0</sysdefine><destip>0.0.0.0</destip><destport>0</destport><sipport>0</sipport><bchiperpawd>1</bchiperpawd></row> <row><type>HTTP</type><virdevid>1</virdevid><name>http</name><frequency>5</frequency><timeout>3</timeout><retrytimes>3</retrytimes><url>/index.htm</url><hostip>0.0.0.0</hostip><snmpversion>0</snmpversion><sipprotocol>0</sipprotocol><nasip>0.0.0.0</nasip><sysdefine>0</sysdefine><destip>0.0.0.0</destip><destport>0</destport><sipport>0</sipport></row> <row><type>ICMP</type><virdevid>1</virdevid><name>icmp</name><frequency>5</frequency><timeout>3</timeout><retrytimes>3</retrytimes><hostip>0.0.0.0</hostip><snmpversion>0</snmpversion><sipprotocol>0</sipprotocol><nasip>0.0.0.0</nasip><sysdefine>0</sysdefine><destip>0.0.0.0</destip><destport>0</destport><sipport>0</sipport></row> <row><type>P-DNS</type><virdevid>1</virdevid><name>proxim_dns</name><frequency>120</frequency><timeout>3</timeout><retrytimes>1</retrytimes><hostname>A.ROOT-SERVERS.NET</hostname><hostip>0.0.0.0</hostip><snmpversion>0</snmpversion><sipprotocol>0</sipprotocol><nasip>0.0.0.0</nasip><sysdefine>0</sysdefine><destip>0.0.0.0</destip><destport>0</destport><sipport>0</sipport></row> <row><type>P-ICMP</type><virdevid>1</virdevid><name>proxim_icmp</name><frequency>120</frequency><timeout>3</timeout><retrytimes>1</retrytimes><hostip>0.0.0.0</hostip><snmpversion>0</snmpversion><sipprotocol>0</sipprotocol><nasip>0.0.0.0</nasip><sysdefine>0</sysdefine><destip>0.0.0.0</destip><destport>0</destport><sipport>0</sipport></row> <row><type>P-TCP Half Open</type><virdevid>1</virdevid><name>proxim_tcp_half_open</name><frequency>120</frequency><timeout>3</timeout><retrytimes>1</retrytimes><hostip>0.0.0.0</hostip><snmpversion>0</snmpversion><sipprotocol>0</sipprotocol><nasip>0.0.0.0</nasip><sysdefine>0</sysdefine><destip>0.0.0.0</destip><destport>0</destport><sipport>0</sipport></row> <row><type>RTSP</type><virdevid>1</virdevid><name>rtsp</name><frequency>5</frequency><timeout>3</timeout><retrytimes>3</retrytimes><hostip>0.0.0.0</hostip><snmpversion>0</snmpversion><sipprotocol>0</sipprotocol><nasip>0.0.0.0</nasip><sysdefine>0</sysdefine><destip>0.0.0.0</destip><destport>0</destport><sipport>0</sipport></row> <row><type>SIP</type><virdevid>1</virdevid><name>sip</name><frequency>5</frequency><timeout>3</timeout><retrytimes>3</retrytimes><hostip>0.0.0.0</hostip><snmpversion>0</snmpversion><sipprotocol>0</sipprotocol><nasip>0.0.0.0</nasip><sysdefine>0</sysdefine><destip>0.0.0.0</destip><destport>0</destport><sipport>5060</sipport></row> <row><type>SNMP</type><virdevid>1</virdevid><name>snmp</name><frequency>5</frequency><timeout>3</timeout><retrytimes>3</retrytimes><hostip>0.0.0.0</hostip><snmpversion>0</snmpversion><sipprotocol>0</sipprotocol><nasip>0.0.0.0</nasip><sysdefine>0</sysdefine><destip>0.0.0.0</destip><destport>0</destport><sipport>0</sipport></row> <row><type>TCP</type><virdevid>1</virdevid><name>tcp</name><frequency>5</frequency><timeout>3</timeout><retrytimes>3</retrytimes><hostip>0.0.0.0</hostip><snmpversion>0</snmpversion><sipprotocol>0</sipprotocol><nasip>0.0.0.0</nasip><sysdefine>0</sysdefine><destip>0.0.0.0</destip><destport>0</destport><sipport>0</sipport></row> <row><type>TCP Half Open</type><virdevid>1</virdevid><name>tcp_half_open</name><frequency>5</frequency><timeout>3</timeout><retrytimes>3</retrytimes><hostip>0.0.0.0</hostip><snmpversion>0</snmpversion><sipprotocol>0</sipprotocol><nasip>0.0.0.0</nasip><sysdefine>0</sysdefine><destip>0.0.0.0</destip><destport>0</destport><sipport>0</sipport></row> <row><type>UDPNORMAL</type><virdevid>1</virdevid><name>udpnormal</name><frequency>5</frequency><timeout>3</timeout><retrytimes>3</retrytimes><hostip>0.0.0.0</hostip><snmpversion>0</snmpversion><sipprotocol>0</sipprotocol><nasip>0.0.0.0</nasip><sysdefine>0</sysdefine><destip>0.0.0.0</destip><destport>0</destport><sipport>0</sipport></row> </hc-table> </hcview> <proximitydetectview> <proximitydetect-table> <row><masklen>24</masklen><agedtime>60</agedtime><netdelayw>100</netdelayw><rthopw>100</rthopw><outbandwidthw>100</outbandwidthw><linkcostw>100</linkcostw><inbandwidthw>0</inbandwidthw><detectname>proxim_icmp</detectname><Indetectname>proxim_icmp</Indetectname></row> </proximitydetect-table> </proximitydetectview> <inboundview> <inbound-table> <row><endns>0</endns><agedtime>60</agedtime><enisprouting>0</enisprouting></row> </inbound-table> </inboundview> <globalview> <globalset-table> <row><enable>0</enable></row> </globalset-table> </globalview> <glbproximityparaview> <glbproximitypara-table> <row><name>default_dns</name><mask>24</mask><agedtime>1800</agedtime><rtt>100</rtt><ttl>100</ttl><load>100</load><timeout>3</timeout><hostname>A.ROOT-SERVERS.NET</hostname><proximmethod>DNS</proximmethod><proximrestore>1</proximrestore></row> <row><name>default_icmp</name><mask>24</mask><agedtime>1800</agedtime><rtt>100</rtt><ttl>100</ttl><load>100</load><timeout>3</timeout><hostname>A.ROOT-SERVERS.NET</hostname><proximmethod>ICMP</proximmethod><proximrestore>1</proximrestore></row> <row><name>default_tcp_half_open</name><mask>24</mask><agedtime>1800</agedtime><rtt>100</rtt><ttl>100</ttl><load>100</load><timeout>3</timeout><hostname>A.ROOT-SERVERS.NET</hostname><proximmethod>TCP Half Open</proximmethod><proximrestore>1</proximrestore></row> </glbproximitypara-table> </glbproximityparaview> <glbprotocolview> <glbprotocol-table> <row><port>3936</port><authority>2</authority><authoritykey>$c$3$XdNHMDrwbhgwnyg97+fSRUvKyBYWlA==</authoritykey><frequency>5</frequency><timeout>3</timeout><retrytime>5</retrytime><bauthkeychiper>1</bauthkeychiper></row> </glbprotocol-table> </glbprotocolview> </loadbalance> <waninter> <macaddress> <macclone-table> <row><ifindex>67108864</ifindex><configure>0</configure></row> <row><ifindex>67305472</ifindex><configure>0</configure></row> <row><ifindex>67371008</ifindex><configure>0</configure></row> <row><ifindex>67436544</ifindex><configure>0</configure></row> <row><ifindex>243269632</ifindex><configure>0</configure></row> </macclone-table> </macaddress> </waninter> <dpi> <dpi> <java-global-table> <row><keywords>.CLASS</keywords><type>1</type><vdmid>1</vdmid></row> <row><keywords>.JAR</keywords><type>1</type><vdmid>1</vdmid></row> </java-global-table> <activex-global-table> <row><keywords>.OCX</keywords><type>1</type><vdmid>1</vdmid></row> </activex-global-table> </dpi> </dpi> <idscollab> <idscollab> <idscollab-table> <row><enabls>0</enabls></row> </idscollab-table> </idscollab> </idscollab>

最佳答案

粉丝:12人 关注:0人

重启后恢复一般不是配置问题,升个级吧

暂无评论

3 个回答
粉丝:5人 关注:0人

配置

暂无评论

zhiliao_dHFrs 知了小白
粉丝:0人 关注:0人

配置怎么了?哪里有问题

暂无评论

zhiliao_dHFrs 知了小白
粉丝:0人 关注:0人

配置怎么了?哪里有问题

暂无评论

编辑答案

你正在编辑答案

如果你要对问题或其他回答进行点评或询问,请使用评论功能。

分享扩散:

提出建议

    +
<

亲~登录后才可以操作哦!

确定

你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作

举报

×

侵犯我的权益 >
对根叔社区有害的内容 >
辱骂、歧视、挑衅等(不友善)

侵犯我的权益

×

泄露了我的隐私 >
侵犯了我企业的权益 >
抄袭了我的内容 >
诽谤我 >
辱骂、歧视、挑衅等(不友善)
骚扰我

泄露了我的隐私

×

您好,当您发现根叔知了上有泄漏您隐私的内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到zhiliao@h3c.com 邮箱,我们会尽快处理。
  • 1. 您认为哪些内容泄露了您的隐私?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)

侵犯了我企业的权益

×

您好,当您发现根叔知了上有关于您企业的造谣与诽谤、商业侵权等内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到 zhiliao@h3c.com 邮箱,我们会在审核后尽快给您答复。
  • 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
  • 3. 是哪家企业?(营业执照,单位登记证明等证件)
  • 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
我们认为知名企业应该坦然接受公众讨论,对于答案中不准确的部分,我们欢迎您以正式或非正式身份在根叔知了上进行澄清。

抄袭了我的内容

×

原文链接或出处

诽谤我

×

您好,当您发现根叔知了上有诽谤您的内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到zhiliao@h3c.com 邮箱,我们会尽快处理。
  • 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
我们认为知名企业应该坦然接受公众讨论,对于答案中不准确的部分,我们欢迎您以正式或非正式身份在根叔知了上进行澄清。

对根叔社区有害的内容

×

垃圾广告信息
色情、暴力、血腥等违反法律法规的内容
政治敏感
不规范转载 >
辱骂、歧视、挑衅等(不友善)
骚扰我
诱导投票

不规范转载

×

举报说明