
CAD or PDF scan files are blocked by the network

Asked 2022-05-12

Problem description:



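H3C F1050 firewall, configured as follows. I would like to ask which part of the configuration is wrong. Uploads from the internal network work without problems. Thanks.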

[BEGIN] 2022-05-11 10:15:43

Connecting to 10.10.10.4:23...

Connection established.

To escape to local shell, press 'Ctrl+Alt+]'.

 

******************************************************************************

* Copyright (c) 2004-2018 New H3C Technologies Co., Ltd. All rights reserved.*

* Without the owner's prior written consent,                                 *

* no decompiling or reverse-engineering shall be allowed.                    *

******************************************************************************

 

login: admin

Password:

login: admin

Password:

<ZZDS-FW>dis cur

#

 version 7.1.064, Release 9323P19

#

 sysname ZZDS-FW

#

 clock timezone Lisbon add 00:00:00

 clock protocol none

#

context Admin id 1

#

ip vpn-instance management

 route-distinguisher 1000000000:1

 vpn-target 1000000000:1 import-extcommunity

 vpn-target 1000000000:1 export-extcommunity

#

 telnet server enable

#

 irf mac-address persistent timer

 irf auto-update enable

 undo irf link-delay

 irf member 1 priority 10

 irf member 2 priority 5

#

 security-zone intra-zone default permit

#

 security-policy disable

#

 session synchronization dns http

#

track 1 nqa entry admin test reaction 1

#

 dialer-group 1 rule ip permit

 dialer-group 2 rule ip permit

 dialer-group 3 rule ip permit

 dialer-group 4 rule ip permit

 dialer-group 5 rule ip permit

 dialer-group 6 rule ip permit

 dialer-group 7 rule ip permit

 dialer-group 8 rule ip permit

 dialer-group 9 rule ip permit

#

 ip unreachables enable

 ip ttl-expires enable

#

 dns proxy enable

 ip host ***.*** 192.168.0.16

 ip host ***.*** 192.168.0.8

#

 lldp global enable

 lldp compliance cdp

#

 password-recovery enable

#

vlan 1

#

vlan 10

#

vlan 12

#

vlan 14

#

vlan 16

#

vlan 18 to 19

#

vlan 140

#

vlan 200

#

irf-port 1/1   

 port group interface GigabitEthernet1/0/22

 port group interface GigabitEthernet1/0/23

#

irf-port 2/2

 port group interface GigabitEthernet2/0/22

 port group interface GigabitEthernet2/0/23

#

object-group ip address 192.168.0.0

 description server-ip-group

 0 network subnet 192.168.0.0 255.255.255.0

#

object-group ip address 192.168.0.7

 description 192.168.0.7

 0 network host address 192.168.0.7

#

object-group ip address 192.168.9.111

 description 192.168.9.111

 0 network host address 192.168.9.111

#

object-group ip address add-server

 70 network host address 192.168.0.5

#

object-group ip address add_server

 0 network host address 192.168.0.8

 10 network host address 192.168.0.7

 20 network host address 192.168.0.31

 30 network host address 192.168.0.20

 40 network host address 192.168.0.30

 50 network host address 192.168.0.16

 60 network host address 192.168.0.13

 80 network host address 192.168.0.14

 90 network host address 192.168.11.4

 100 network host address 192.168.100.1

 110 network host address 202.202.202.226

 111 network host address 113.106.95.197

 120 network host address 192.168.0.9

 130 network host address 192.168.0.5

 140 network host address 192.168.0.6

 150 network host address 192.168.0.218

 160 network host address 192.168.0.207

 170 network host address 192.168.0.32

 180 network host address 192.168.0.18

 190 network host address 192.168.0.200

 200 network host address 192.168.0.12

 210 network host address 192.168.0.17

 220 network host address 10.10.10.5

 230 network host address 192.168.0.22

 240 network host address 192.168.0.19

 250 network host address 192.168.0.228

 260 network host address 192.168.0.33

#

object-group ip address "vlan 10"

 description 192.168.0.0

 0 network subnet 192.168.0.0 255.255.255.0

#

object-group ip address "VLAN 12"

 description VLAN 12 (192.168.2.0θ¶̩

 0 network range 192.168.2.100 192.168.2.240

 0 network exclude 192.168.2.101

 0 network exclude 192.168.2.105

 0 network exclude 192.168.2.200

#

object-group ip address "vlan 14"

 description zztzkg wifi network

 0 network subnet 192.168.4.0 255.255.255.0

 0 network exclude 192.168.4.0

#

object-group ip address "vlan 16"

 description zzds wifi network

 0 network host address 192.168.7.37

#

object-group ip address "Vlan 19"

 description vlan19 （192.168.9.0）

 0 network range 192.168.9.100 192.168.9.131

 10 network range 192.168.9.133 192.168.9.240

#

object-group ip address vlan18

 description vlan18 （192.168.8.0）

 0 network range 192.168.8.100 192.168.8.240

#

object-group service service_port

 0 service tcp destination eq 8080

 10 service tcp destination eq 5656

 20 service tcp destination eq 9999

 30 service tcp destination eq 8081

 40 service tcp destination eq 5367

 50 service tcp destination eq 81

 60 service tcp destination eq 8888

 70 service tcp destination eq 3389

 80 service tcp destination eq 443

 90 service tcp destination eq 5555

 100 service tcp destination eq 1222

 110 service tcp destination eq 10010

 111 service tcp destination eq 10011

 112 service tcp destination eq 10012

 113 service tcp destination eq 10013

 114 service tcp destination eq 10014

 120 service tcp destination eq 10004

 130 service tcp destination eq 8889

 140 service tcp destination eq 6888

 150 service tcp destination eq 11034

 160 service tcp destination eq 10086

 170 service tcp destination eq 3307

 180 service tcp destination eq 8089

 190 service tcp destination eq 5757

 200 service tcp destination eq 6802

 210 service tcp destination eq 23

 220 service tcp destination eq 80

 230 service tcp destination eq 4433

 240 service tcp destination eq 4009

 250 service udp destination eq 4009

 260 service tcp destination eq 4430

 270 service tcp destination eq 6666

 280 service tcp destination eq 8443

 281 service tcp destination eq 5280

 282 service tcp destination eq 5222

 283 service tcp destination eq 7777

 284 service tcp destination eq 5269

 285 service tcp destination eq 5369

 286 service tcp destination eq 5469

 287 service tcp destination eq 8010

 288 service tcp destination eq 8050

 289 service tcp destination eq 8060

 290 service tcp destination eq 445

 291 service tcp destination eq 7805

 292 service tcp destination eq 22

 293 service tcp destination eq 3999

 294 service tcp destination eq 5366

#

 stp global enable

#

policy-based-route pbr_internet permit node 10

 if-match acl 3010

 apply output-interface Dialer6

#

policy-based-route pbr_internet permit node 20

 if-match acl 3020

 apply output-interface Dialer8

#

policy-based-route pbr_internet permit node 50

 if-match acl 3050

 apply output-interface Dialer7

#

policy-based-route pbr_internet permit node 60

 if-match acl 3060

 apply output-interface Dialer6

#

policy-based-route pbr_internet permit node 80

 if-match acl 3080

 apply output-interface Dialer5

#

policy-based-route pbr_internet permit node 90

 if-match acl 3090

 apply output-interface Dialer4

#

policy-based-route pbr_internet permit node 100

 if-match acl 3100

 apply output-interface Dialer7

#

policy-based-route pbr_internet permit node 110

 if-match acl 3110

 apply next-hop 111.111.111.111

#

policy-based-route pbr_internet permit node 120

 if-match acl 3200

 apply output-interface Dialer5

 apply output-interface Dialer8

#

nqa entry admin test

 type icmp-echo

  destination ip 111.111.111.111

  frequency 100

  next-hop ip 111.111.111.111

  reaction 1 checked-element probe-fail threshold-type consecutive 5 action-type trigger-only

#

 nqa schedule admin test start-time now lifetime forever

#

interface Bridge-Aggregation1

 port access vlan 200

 link-aggregation mode dynamic

#

interface Bridge-Aggregation2

 port access vlan 10

 link-aggregation mode dynamic

#

interface Dialer0

 mtu 1492

 ppp chap password cipher $c$3$YYjK/TZbs3u7yK65Z8AZlLstflQg+vZios3j

 ppp chap user 075501313047@163.gd

 ppp ipcp dns admit-any

 ppp ipcp dns request

 ppp pap local-user 075501313047@163.gd password cipher $c$3$++rcGFHOoXpjwq/G2pokradymqUJEp21yFTA

 dialer bundle enable

 dialer-group 1

 dialer timer idle 0

 dialer timer autodial 5

 ip address ppp-negotiate

#

interface Dialer1

 bandwidth 500000

 mtu 1492

 ppp chap password cipher $c$3$SrjBfLeosATN4m6MDatJBGu01kB1Q1Cp+G0e

 ppp chap user 075504184000@163.gd

 ppp pap local-user 075504184000@163.gd password cipher $c$3$wdQEye99p3oY64IQ93Vy4NATrR8bhtDXNhMf

 dialer bundle enable

 dialer-group 1

 dialer timer idle 0

 dialer timer autodial 60

 ip address ppp-negotiate

 tcp mss 1024

 nat outbound 3000

#

interface Dialer2

 bandwidth 500000

 mtu 1492

 ppp chap password cipher $c$3$Tx2PTTCzOF3upoiSlt8j1p8WpGWqOAZOXOH8

 ppp chap user 075504116487@163.gd

 ppp pap local-user 075504116487@163.gd password cipher $c$3$gzNw4n7L/J3HExYyWxs5t9Bl2R435vvnn7Uz

 dialer bundle enable

 dialer-group 1

 dialer timer idle 0

 dialer timer autodial 60

 ip address ppp-negotiate

 tcp mss 1024

 nat outbound 3000

#

interface Dialer3

 description FOR USE

 bandwidth 500000

 mtu 1492      

 ppp chap password cipher $c$3$UtjmGK7eKjZa9x4b1+4083W4oFUhCpP4KYmv

 ppp chap user 075505866480@163.gd

 ppp pap local-user 075505866480@163.gd password cipher $c$3$c8cnQeWAx5y/UsUwr2dYTzkHytT4WQEb+Vks

 dialer bundle enable

 dialer-group 1

 dialer timer idle 0

 dialer timer autodial 60

 ip address ppp-negotiate

 tcp mss 1024

 nat outbound 3000

#

interface Dialer4

 description FOR USE

 bandwidth 500000

 mtu 1492

 ppp chap password cipher $c$3$77DMDuNHhazhZ83jGNT1QwIX5xn2+IGwbT28

 ppp chap user 075507557551@163.gd

 ppp pap local-user 075507557551@163.gd password cipher $c$3$MCUyfCIVGbq/Xcxi0Zcq7aK6a8LMunk01sDD

 dialer bundle enable

 dialer-group 1

 dialer timer idle 0

 dialer timer autodial 60

 ip address ppp-negotiate

 tcp mss 1024

 nat outbound 3000

#

interface Dialer5

 description FOR USE

 bandwidth 1000000

 mtu 1492

 ppp chap password cipher $c$3$WnOE3aiLe0SHp35cUPI1zHF465nTrgvfJb8R

 ppp chap user 075505424374@163.gd

 ppp ipcp dns admit-any

 ppp ipcp dns request

 ppp pap local-user 075505424374@163.gd password cipher $c$3$z6A4dH74ncGFZoQIXgKo93h+k7Ta9BXLpZnV

 dialer bundle enable

 dialer-group 9

 dialer timer idle 0

 dialer timer autodial 5

 ip address ppp-negotiate

 tcp mss 1024

 nat outbound 3000

#

interface Dialer6

 description FOR USE

 bandwidth 500000

 mtu 1492

 ppp chap password cipher $c$3$jahymyz7+wn6Qrn1D/BQpyaMfk6zhubjG7Hj

 ppp chap user 075501313047@163.gd

 ppp pap local-user 075501313047@163.gd password cipher $c$3$FSlrBxgtKxDsvQdyVZ7mA3O9rISDf4ndYt2c

 dialer bundle enable

 dialer-group 7

 dialer timer idle 0

 dialer timer autodial 5

 ip address ppp-negotiate

 tcp mss 1024

 nat outbound 3000

#

interface Dialer7

 description FOR USE

 bandwidth 500000

 mtu 1492

 ppp chap password cipher $c$3$Z2bGuLHGv1bXrx6Wyb1M2ONB/U6qmr6Xr2JX

 ppp chap user 075503480872@163.gd

 ppp ipcp dns admit-any

 ppp ipcp dns request

 ppp pap local-user 075503480872@163.gd password cipher $c$3$UL8Fka5LCTc8q21qcmKuV3KeBU9zyGVYhV5g

 dialer bundle enable

 dialer-group 1

 dialer timer idle 0

 dialer timer autodial 5

 ip address ppp-negotiate

 tcp mss 1024

 nat outbound 3000

#

interface Dialer8

 description FOR USE

 bandwidth 500000

 mtu 1492

 ppp chap password cipher $c$3$yvuYNnmSN1+SCH46mFuSwi0MM9hbylHcaomo

 ppp chap user 075503082136@163.gd

 ppp ipcp dns admit-any

 ppp ipcp dns request

 ppp pap local-user 075503082136@163.gd password cipher $c$3$zXXFlAg/2jxjrAW7Jg6yK9K4f2G1Dd0zjXxk

 dialer bundle enable

 dialer-group 1

 dialer timer idle 0

 dialer timer autodial 5

 ip address ppp-negotiate

 tcp mss 1024

 nat outbound 3000

#              

interface Dialer9

 mtu 1492

 ppp chap user 075503082136@163.gd

 ppp ipcp dns admit-any

 ppp ipcp dns request

 dialer bundle enable

 dialer-group 8

 dialer timer idle 0

 dialer timer autodial 5

 ip address ppp-negotiate

#

interface NULL0

#

interface Vlan-interface1

#

interface Vlan-interface10

 nat hairpin enable

 ip policy-based-route pbr_internet

#

interface Vlan-interface19

#

interface Vlan-interface140

 pppoe-client dial-bundle-number 4

#

interface Vlan-interface200

 ip address 10.10.10.4 255.255.255.0

 nat hairpin enable

 ip policy-based-route pbr_internet

#

interface GigabitEthernet1/0/0

 port link-mode route

 ip binding vpn-instance management

#

interface GigabitEthernet1/0/1

 port link-mode route

 description dialer 1 075504184000@163.gd

 pppoe-client dial-bundle-number 1

#

interface GigabitEthernet1/0/2

 port link-mode route

 description dialer 2  075504116487@163.gd

 pppoe-client dial-bundle-number 2

#

interface GigabitEthernet1/0/3

 port link-mode route

 description dialer3 075505866480@163.gd

 pppoe-client dial-bundle-number 3

#

interface GigabitEthernet1/0/5

 port link-mode route

 pppoe-client dial-bundle-number 0

#

interface GigabitEthernet1/0/6

 port link-mode route

 description link to 40M special line

 shutdown

 ip address 202.202.202.226 255.255.255.224

 tcp mss 1024

 nat outbound 3000

 nat server protocol tcp global 202.202.202.228 80 inside 192.168.0.8 80

 nat server protocol tcp global 202.202.202.228 81 inside 192.168.0.8 81

 nat server protocol tcp global 202.202.202.228 4430 inside 192.168.0.6 443

 nat server protocol tcp global 202.202.202.228 5222 inside 192.168.0.8 5222

 nat server protocol tcp global 202.202.202.228 5269 inside 192.168.0.8 5269

 nat server protocol tcp global 202.202.202.228 5280 inside 192.168.0.8 5280

 nat server protocol tcp global 202.202.202.228 5367 inside 192.168.0.32 5367

 nat server protocol tcp global 202.202.202.228 5369 inside 192.168.0.8 5369

 nat server protocol tcp global 202.202.202.228 5469 inside 192.168.0.8 5469

 nat server protocol tcp global 202.202.202.228 5656 inside 192.168.0.8 5656

 nat server protocol tcp global 202.202.202.228 7777 inside 192.168.0.8 7777

 nat server protocol tcp global 202.202.202.228 8007 inside 192.168.0.21 8007

 nat server protocol tcp global 202.202.202.228 8060 inside 192.168.0.8 8060

 nat server protocol tcp global 202.202.202.228 8080 inside 192.168.0.8 80

 nat server protocol tcp global 202.202.202.228 8081 inside 192.168.0.32 8081

 nat server protocol tcp global 202.202.202.228 8443 inside 192.168.0.8 8443

 nat server protocol tcp global 202.202.202.228 8888 inside 192.168.0.8 8888

 nat server protocol tcp global 202.202.202.228 9999 inside 192.168.0.8 9999

 nat server protocol tcp global 202.202.202.229 80 inside 192.168.0.13 5757

 nat server protocol tcp global 202.202.202.229 88 inside 192.168.0.33 88

 nat server protocol tcp global 202.202.202.229 3999 inside 192.168.0.7 3999

 nat server protocol tcp global 202.202.202.229 4009 inside 192.168.0.6 4009

 nat server protocol tcp global 202.202.202.229 4430 inside 192.168.0.6 4430

 nat server protocol tcp global 202.202.202.229 5222 inside 192.168.0.218 5222

 nat server protocol tcp global 202.202.202.229 5269 inside 192.168.0.218 5269

 nat server protocol tcp global 202.202.202.229 5280 inside 192.168.0.218 5280

 nat server protocol tcp global 202.202.202.229 5366 inside 192.168.0.20 5366

 nat server protocol tcp global 202.202.202.229 5367 inside 192.168.0.20 5367

 nat server protocol tcp global 202.202.202.229 5369 inside 192.168.0.218 5369

 nat server protocol tcp global 202.202.202.229 5469 inside 192.168.0.218 5469

 nat server protocol tcp global 202.202.202.229 5555 inside 192.168.0.8 5555

 nat server protocol tcp global 202.202.202.229 5656 inside 192.168.0.19 5656

 nat server protocol tcp global 202.202.202.229 6666 inside 192.168.0.31 6666

 nat server protocol tcp global 202.202.202.229 7777 inside 192.168.0.218 7777

 nat server protocol tcp global 202.202.202.229 8050 inside 192.168.0.33 80

 nat server protocol tcp global 202.202.202.229 8060 inside 192.168.0.33 80

 nat server protocol tcp global 202.202.202.229 8080 inside 192.168.0.218 8080

 nat server protocol tcp global 202.202.202.229 8081 inside 192.168.0.20 8081

 nat server protocol tcp global 202.202.202.229 8443 inside 192.168.0.218 8443

 nat server protocol tcp global 202.202.202.229 8889 inside 192.168.0.30 8889

 nat server protocol tcp global 202.202.202.229 9999 inside 192.168.0.218 9999

 nat server protocol tcp global 202.202.202.230 5656 inside 192.168.0.228 5656

 nat server protocol tcp global 202.202.202.230 5757 inside 192.168.0.13 5757

 nat server protocol tcp global 202.202.202.230 6802 inside 192.168.0.5 6802

 nat server protocol tcp global 202.202.202.230 8010 inside 192.168.0.17 8010

 nat server protocol tcp global 202.202.202.230 8050 inside 192.168.0.17 8050

 nat server protocol tcp global 202.202.202.230 8060 inside 192.168.0.17 8060

 nat server protocol tcp global 202.202.202.230 8089 inside 192.168.0.5 8089

 nat server protocol tcp global 202.202.202.230 8888 inside 192.168.0.13 8888

 nat server protocol tcp global 202.202.202.231 80 inside 192.168.0.16 80

 nat server protocol tcp global 202.202.202.231 8010 inside 192.168.0.16 8010

 nat server protocol tcp global 202.202.202.231 8050 inside 192.168.0.16 8050

 nat server protocol tcp global 202.202.202.231 8888 inside 192.168.0.16 8888

 nat server protocol tcp global 202.202.202.232 21 inside 192.168.0.22 21

 nat server protocol tcp global 202.202.202.232 5757 inside 192.168.0.12 80

 nat server protocol tcp global 202.202.202.232 8080 inside 192.168.0.12 80

 nat server protocol udp global 202.202.202.229 4009 inside 192.168.0.6 4009

#

interface GigabitEthernet1/0/7

 port link-mode route

 description new 50M special line

 ip address 113.106.95.197 255.255.255.128

 nat outbound 3000

 nat server protocol tcp global 113.106.95.198 80 inside 192.168.0.8 80

 nat server protocol tcp global 113.106.95.198 81 inside 192.168.0.8 81

 nat server protocol tcp global 113.106.95.198 4430 inside 192.168.0.6 443

 nat server protocol tcp global 113.106.95.198 5222 inside 192.168.0.8 5222

 nat server protocol tcp global 113.106.95.198 5269 inside 192.168.0.8 5269

 nat server protocol tcp global 113.106.95.198 5280 inside 192.168.0.8 5280

 nat server protocol tcp global 113.106.95.198 5367 inside 192.168.0.32 5367

 nat server protocol tcp global 113.106.95.198 5369 inside 192.168.0.8 5369

 nat server protocol tcp global 113.106.95.198 5469 inside 192.168.0.8 5469

 nat server protocol tcp global 113.106.95.198 5656 inside 192.168.0.8 5656

 nat server protocol tcp global 113.106.95.198 7777 inside 192.168.0.8 7777

 nat server protocol tcp global 113.106.95.198 8007 inside 192.168.0.21 8007

 nat server protocol tcp global 113.106.95.198 8060 inside 192.168.0.8 8060

 nat server protocol tcp global 113.106.95.198 8080 inside 192.168.0.8 80

 nat server protocol tcp global 113.106.95.198 8081 inside 192.168.0.32 8081

 nat server protocol tcp global 113.106.95.198 8443 inside 192.168.0.8 8443

 nat server protocol tcp global 113.106.95.198 8888 inside 192.168.0.8 8888

 nat server protocol tcp global 113.106.95.198 9999 inside 192.168.0.8 9999

 nat server protocol tcp global 113.106.95.199 80 inside 192.168.0.13 5757

 nat server protocol tcp global 113.106.95.199 88 inside 192.168.0.33 88

 nat server protocol tcp global 113.106.95.199 3999 inside 192.168.0.7 3999

 nat server protocol tcp global 113.106.95.199 4009 inside 192.168.0.6 4009

 nat server protocol tcp global 113.106.95.199 4430 inside 192.168.0.6 4430

 nat server protocol tcp global 113.106.95.199 5222 inside 192.168.0.218 5222

 nat server protocol tcp global 113.106.95.199 5269 inside 192.168.0.218 5269

 nat server protocol tcp global 113.106.95.199 5280 inside 192.168.0.218 5280

 nat server protocol tcp global 113.106.95.199 5366 inside 192.168.0.20 5366

 nat server protocol tcp global 113.106.95.199 5367 inside 192.168.0.20 5367

 nat server protocol tcp global 113.106.95.199 5369 inside 192.168.0.218 5369

 nat server protocol tcp global 113.106.95.199 5469 inside 192.168.0.218 5469

 nat server protocol tcp global 113.106.95.199 5555 inside 192.168.0.8 5555

 nat server protocol tcp global 113.106.95.199 5656 inside 192.168.0.19 5656

 nat server protocol tcp global 113.106.95.199 6666 inside 192.168.0.31 6666

 nat server protocol tcp global 113.106.95.199 7777 inside 192.168.0.218 7777

 nat server protocol tcp global 113.106.95.199 8050 inside 192.168.0.33 80

 nat server protocol tcp global 113.106.95.199 8060 inside 192.168.0.33 80

 nat server protocol tcp global 113.106.95.199 8080 inside 192.168.0.218 8080

 nat server protocol tcp global 113.106.95.199 8081 inside 192.168.0.20 8081

 nat server protocol tcp global 113.106.95.199 8443 inside 192.168.0.218 8443

 nat server protocol tcp global 113.106.95.199 8889 inside 192.168.0.30 8889

 nat server protocol tcp global 113.106.95.199 9999 inside 192.168.0.218 9999

 nat server protocol tcp global 113.106.95.200 5656 inside 192.168.0.228 5656

 nat server protocol tcp global 113.106.95.200 5757 inside 192.168.0.13 5757

 nat server protocol tcp global 113.106.95.200 6802 inside 192.168.0.5 6802

 nat server protocol tcp global 113.106.95.200 8010 inside 192.168.0.17 8010

 nat server protocol tcp global 113.106.95.200 8050 inside 192.168.0.17 8050

 nat server protocol tcp global 113.106.95.200 8060 inside 192.168.0.17 8060

 nat server protocol tcp global 113.106.95.200 8089 inside 192.168.0.5 8089

 nat server protocol tcp global 113.106.95.200 8888 inside 192.168.0.13 8888

 nat server protocol tcp global 113.106.95.201 80 inside 192.168.0.16 80

 nat server protocol tcp global 113.106.95.201 8010 inside 192.168.0.16 8010

 nat server protocol tcp global 113.106.95.201 8050 inside 192.168.0.16 8050

 nat server protocol tcp global 113.106.95.201 8888 inside 192.168.0.16 8888

 nat server protocol tcp global 113.106.95.202 21 inside 192.168.0.22 21

 nat server protocol tcp global 113.106.95.202 5757 inside 192.168.0.12 80

 nat server protocol tcp global 113.106.95.202 8080 inside 192.168.0.12 80

 nat server protocol udp global 113.106.95.199 4009 inside 192.168.0.6 4009

#

interface GigabitEthernet1/0/8

 port link-mode route

 description dialer6 500M

 pppoe-client dial-bundle-number 6

#

interface GigabitEthernet1/0/9

 port link-mode route

 description dialer7 500M

 pppoe-client dial-bundle-number 7

#

interface GigabitEthernet1/0/10

 port link-mode route

#

interface GigabitEthernet1/0/11

 port link-mode route

 description dialer5 500M

 pppoe-client dial-bundle-number 5

#

interface GigabitEthernet1/0/12

 port link-mode route

#

interface GigabitEthernet1/0/13

 port link-mode route

 description dialer8 500M

 pppoe-client dial-bundle-number 8

#

interface GigabitEthernet1/0/15

 port link-mode route

 description dialer9

#

interface GigabitEthernet1/0/21

 port link-mode route

#

interface GigabitEthernet2/0/0

 port link-mode route

#

interface GigabitEthernet2/0/5

 port link-mode route

#

interface GigabitEthernet2/0/6

 port link-mode route

#

interface GigabitEthernet2/0/7

 port link-mode route

#

interface GigabitEthernet2/0/8

 port link-mode route

#

interface GigabitEthernet2/0/9

 port link-mode route

#

interface GigabitEthernet2/0/10

 port link-mode route

#

interface GigabitEthernet2/0/11

 port link-mode route

#

interface GigabitEthernet2/0/12

 port link-mode route

#

interface GigabitEthernet2/0/13

 port link-mode route

#

interface GigabitEthernet2/0/16

 port link-mode route

#

interface GigabitEthernet2/0/17

 port link-mode route

#

interface GigabitEthernet2/0/18

 port link-mode route

#

interface GigabitEthernet2/0/19

 port link-mode route

#

interface GigabitEthernet2/0/20

 port link-mode route

#

interface GigabitEthernet2/0/21

 port link-mode route

#

interface GigabitEthernet1/0/4

 port link-mode bridge

 port access vlan 140

#

interface GigabitEthernet1/0/14

 port link-mode bridge

 description to_SW-CORE_G1/3/0/1

 port access vlan 200

#

interface GigabitEthernet1/0/16

 port link-mode bridge

 port access vlan 19

#

interface GigabitEthernet1/0/17

 port link-mode bridge

 port access vlan 12

#

interface GigabitEthernet1/0/18

 port link-mode bridge

 port access vlan 18

#

interface GigabitEthernet1/0/19

 port link-mode bridge

 port access vlan 14

#

interface GigabitEthernet1/0/20

 port link-mode bridge

 port access vlan 16

#

interface GigabitEthernet2/0/1

 port link-mode bridge

#

interface GigabitEthernet2/0/2

 port link-mode bridge

#

interface GigabitEthernet2/0/3

 port link-mode bridge

#              

interface GigabitEthernet2/0/4

 port link-mode bridge

 port access vlan 140

#

interface GigabitEthernet2/0/14

 port link-mode bridge

 description to_SW-CORE_G2/2/0/1

 port access vlan 200

#

interface GigabitEthernet2/0/15

 port link-mode bridge

 port access vlan 10

 port link-aggregation group 2

#

interface GigabitEthernet1/0/22

#

interface GigabitEthernet1/0/23

#

interface GigabitEthernet2/0/22

#

interface GigabitEthernet2/0/23

#

object-policy ip any_to_trust

 rule 0 pass

#

object-policy ip local_to_trust

 rule 0 pass

#

object-policy ip local_to_untrust

 rule 0 pass

#

object-policy ip trust_to_local

 rule 0 pass

#

object-policy ip trust_to_untrust

 rule 0 pass

#

object-policy ip untrust-trust

#

object-policy ip untrust_to_trust

 rule 0 pass destination-ip add_server service service_port logging counting

#

security-zone name Local

#

security-zone name Trust

 import interface Vlan-interface10

 import interface Vlan-interface19

 import interface Vlan-interface200

 import interface Bridge-Aggregation1 vlan 200

 import interface Bridge-Aggregation2 vlan 10

 import interface GigabitEthernet1/0/14 vlan 200

 import interface GigabitEthernet1/0/16 vlan 19

 import interface GigabitEthernet1/0/17 vlan 12

 import interface GigabitEthernet1/0/18 vlan 18

 import interface GigabitEthernet1/0/19 vlan 14

 import interface GigabitEthernet1/0/20 vlan 16

 import interface GigabitEthernet2/0/14 vlan 200

 import interface GigabitEthernet2/0/15 vlan 10

#

security-zone name DMZ

#

security-zone name Untrust

 import interface Dialer1

 import interface Dialer2

 import interface Dialer3

 import interface Dialer4

 import interface Dialer5

 import interface Dialer6

 import interface Dialer7

 import interface Dialer8

 import interface GigabitEthernet1/0/6

 import interface GigabitEthernet1/0/7

 import interface GigabitEthernet1/0/9

 import interface GigabitEthernet1/0/11

 import interface GigabitEthernet1/0/13

 import interface GigabitEthernet1/0/15

 import interface GigabitEthernet2/0/5

 import interface GigabitEthernet2/0/6

 import interface Vlan-interface140

 import interface GigabitEthernet1/0/4 vlan 140

 attack-defense apply policy policy

#

security-zone name Management

 import interface GigabitEthernet1/0/0

#

zone-pair security source Any destination Any

#

zone-pair security source Local destination Trust

 object-policy apply ip local_to_trust

#

zone-pair security source Local destination Untrust

 object-policy apply ip local_to_untrust

#

zone-pair security source Trust destination Local

 object-policy apply ip trust_to_local

#

zone-pair security source Trust destination Untrust

 object-policy apply ip trust_to_untrust

#

zone-pair security source Untrust destination Trust

 object-policy apply ip untrust_to_trust

#

 scheduler logfile size 16

#

line class aux

 user-role network-operator

#

line class console

 user-role network-admin

#

line class vty

 user-role network-operator

#

line aux 0

 user-role network-admin

#

line aux 1

 user-role network-operator

#

line con 0 1

 user-role network-admin

#

line vty 0 4

 authentication-mode scheme

 user-role network-operator

#

line vty 5 63

 user-role network-operator

#

 ip route-static 0.0.0.0 0 Dialer4

 ip route-static 0.0.0.0 0 Dialer6

 ip route-static 0.0.0.0 0 Dialer7

 ip route-static 0.0.0.0 0 111.111.111.111 track 1 preference 1

 ip route-static 0.0.0.0 0 Dialer8

 ip route-static 0.0.0.0 0 Dialer5

 ip route-static 10.10.0.0 16 10.10.10.1

 ip route-static 10.10.110.0 24 10.10.10.1

 ip route-static 192.168.0.0 16 10.10.10.1

 ip route-static 192.168.52.0 24 10.10.10.3

 ip route-static 192.168.53.0 24 10.10.10.3

#

 undo info-center enable

#

 snmp-agent

 snmp-agent local-engineid 800063A203703D15B78190

 snmp-agent community write system!@#$%^&*

 snmp-agent sys-info location ZZDS

 snmp-agent sys-info version all

 snmp-agent target-host trap address udp-domain 192.168.9.108 params securityname system!@#$%^&* v2c

#

 ssh server enable

#

 arp static 192.168.100.253 d461-fec4-9718

#

acl advanced 3000

 rule 20 permit ip

#

acl advanced 3010

 description dialer1

 rule 40 deny ip source 202.202.202.228 0 destination 192.168.3.0 0.0.0.255

 rule 45 deny ip source 202.202.202.228 0 destination 192.168.4.0 0.0.0.255

 rule 50 deny ip source 202.202.202.228 0 destination 192.168.5.0 0.0.0.255

 rule 55 deny ip source 202.202.202.228 0 destination 192.168.6.0 0.0.1.255

 rule 60 deny ip source 202.202.202.229 0 destination 192.168.3.0 0.0.0.255

 rule 65 deny ip source 202.202.202.229 0 destination 192.168.4.0 0.0.0.255

 rule 70 deny ip source 202.202.202.229 0 destination 192.168.5.0 0.0.0.255

 rule 80 permit ip source 192.168.7.0 0.0.0.255

 rule 85 permit ip source 192.168.3.0 0.0.0.255

 rule 95 permit ip source 192.168.5.0 0.0.0.255

#

acl advanced 3020

 rule 20 permit ip source 192.168.2.0 0.0.0.255

#

acl advanced 3040

#

acl advanced 3050

 description dialer2 for wifi zzkgtz36

 rule 50 permit ip source 192.168.6.0 0.0.0.255

#

acl advanced 3060

 description dialer3 for 36f chengfa

 rule 80 permit ip source 192.168.8.0 0.0.0.255

#

acl advanced 3070

 rule 0 permit ip source 192.168.52.0 0.0.0.255 logging

 rule 5 permit ip source 192.168.53.0 0.0.0.255 logging

#

acl advanced 3080

 description wifi "ZZDS" NETWORK

 rule 90 permit ip source 192.168.4.0 0.0.0.255

 rule 100 permit ip source 192.168.7.37 0

 rule 110 permit ip source 192.168.6.141 0

#

acl advanced 3090

 description FOR subnet 90

 rule 10 deny ip source 192.168.9.122 0

 rule 30 permit ip source 192.168.9.0 0.0.0.255

#

acl advanced 3100

 description for wifi zzgroup

 rule 10 permit ip source 192.168.3.0 0.0.0.255

#

acl advanced 3110

 description special 50M

 rule 30 permit ip source 192.168.0.0 0.0.0.255

#

acl advanced 3200

 description use 9.122 test network

 rule 10 permit ip source 192.168.9.122 0

#

domain system

#

 aaa session-limit ftp 16

 aaa session-limit telnet 16

 aaa session-limit ssh 16

 domain default enable system

#

role name level-0

 description Predefined level-0 role

#

role name level-1

 description Predefined level-1 role

#

role name level-2

 description Predefined level-2 role

#

role name level-3

 description Predefined level-3 role

#

role name level-4

 description Predefined level-4 role

#

role name level-5

 description Predefined level-5 role

#

role name level-6

 description Predefined level-6 role

#

role name level-7

 description Predefined level-7 role

#

role name level-8

 description Predefined level-8 role

#

role name level-9

 description Predefined level-9 role

#

role name level-10

 description Predefined level-10 role

#

role name level-11

 description Predefined level-11 role

#              

role name level-12

 description Predefined level-12 role

#

role name level-13

 description Predefined level-13 role

#

role name level-14

 description Predefined level-14 role

#

user-group system

#

local-user admin class manage

 password hash $h$6$e9SQGgK5B30z2IBh$17sWFYGClk9Zc/tucy23+1eVkAy8VnvgueTtOwb19tYNbEuACmONqlLziax0Z76N13hsaZ4V9pzh5CW2t2RdpA==

 service-type ssh telnet terminal https

 authorization-attribute user-role level-3

 authorization-attribute user-role network-admin

 authorization-attribute user-role network-operator

#

 ip https enable

#

attack-defense policy policy

 scan detect level medium action drop logging

 syn-flood detect ip 202.202.202.228 threshold 1000 action logging drop

 syn-flood detect ip 202.202.202.229 threshold 1000 action logging drop

 syn-flood detect ip 202.202.202.230 threshold 1000 action logging drop

 syn-flood detect ip 202.202.202.231 threshold 1000 action logging drop

 syn-flood detect ip 202.202.202.232 threshold 1000 action logging drop

#

url-filter policy teamview

 default-action permit

 category teamview action drop logging

 add blacklist 1 host text ***.***

#

url-filter category teamview severity 2000

 rule 1 host text teamviewer

 description teamview

#

app-profile 0_IPv4

 url-filter apply policy teamview

#

inspect block-source parameter-profile ips_block_default_parameter

#

inspect block-source parameter-profile url_block_default_parameter

#

loadbalance action ##defaultactionforllbipv4##%%autocreatedbyweb%% type link-generic

 forward all   

#

loadbalance policy ##defaultpolicyforllbipv4##%%autocreatedbyweb%% type link-generic

 default-class action ##defaultactionforllbipv4##%%autocreatedbyweb%%

#

virtual-server ##defaultvsforllbipv4##%%autocreatedbyweb%% type link-ip

 virtual ip address 0.0.0.0 0

 lb-policy ##defaultpolicyforllbipv4##%%autocreatedbyweb%%

 service enable

#

traffic-policy

 rule name "vlan 10"

  action qos profile "vlan 10"

  source-address address-set "vlan 10"

 rule name "vlan 12"

  action qos profile other

  source-address address-set "VLAN 12"

 rule name oher

  action qos profile other

  source-address address-set "vlan 14"

  source-address address-set "Vlan 19"

  source-address address-set vlan18

 rule name wifi

  action qos profile wifi

  source-address address-set "vlan 16"

 profile name other

  bandwidth upstream maximum per-ip 10000

  bandwidth downstream maximum per-ip 15000

 profile name vlan12

  bandwidth upstream maximum per-ip 10000

  bandwidth downstream maximum per-ip 10000

 profile name "vlan 10"

  bandwidth downstream guaranteed 50000

  bandwidth downstream maximum 50000

  bandwidth upstream guaranteed 50000

  bandwidth upstream maximum 50000

  traffic-priority 7

  bandwidth upstream maximum per-ip 20000

  bandwidth downstream maximum per-ip 20000

 profile name wifi

  traffic-priority 7

  connection-limit count per-ip 1000

  bandwidth upstream maximum per-ip 8000

  bandwidth downstream maximum per-ip 10000

#

security-policy ip

 rule 0 name 192.168.0.7

  action pass

  counting enable

  profile 0_IPv4

  source-zone Trust

  destination-zone Untrust

 rule 1 name ips

  action pass

  counting enable

  source-zone Untrust

  destination-zone Trust

 rule 2 name trust2local

  action pass

  counting enable

  source-zone Trust

  destination-zone Local

 rule 3 name local2trust

  action pass

  counting enable

  source-zone Local

  destination-zone Trust

#

ips policy ips

 object-dir server client

 action block-source drop permit reset

 signature override all drop logging

 protect-target OperationSystem Windows

 protect-target NetworkDevice Other

 protect-target NetworkDevice Cisco

 protect-target OfficeSoftware MicrosoftOffice

 protect-target WebServer Any

 protect-target WebServer Other

 protect-target WebServer WebLogic

 protect-target Database MS-SQL

 protect-target Database MySQL

 protect-target Database Oracle

 protect-target Database ACCESS

 protect-target WebApplication Any

 protect-target WebApplication Other

 protect-target WebApplication PHP

 protect-target ApplicationSoftware Other

 protect-target ApplicationSoftware IM

 protect-target ApplicationSoftware Security

 protect-target Browser InternetExplorer

 protect-target NetworkProtocol HTTP

 protect-target NetworkProtocol FTP

 protect-target Other Other

 attack-category Vulnerability SQLInjection

 attack-category Vulnerability XSS

 attack-category Vulnerability RemoteCodeExecution

#

return

<ZZDS-FW>quit

Connection closing...Socket close.

 

Connection closed by foreign host.

 

[END] 2022-05-11 10:16:09

 


Network topology and description:

A Layer 3 switch acts as the gateway, and the F1050 firewall is the Internet egress.

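1 answer
Followers: 146 | Following: 1

Some software developers write garbage code and report a network error first no matter what actually went wrong. Test your connectivity to the print service, and check whether the port is open as it should be.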
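As an added example (not part of the original post or the answer, and not H3C tooling): a short Python script that walks a pasted configuration like the one above and lists, for every security-policy rule that applies an app-profile, the DPI policy lines whose action is drop, together with the zone pair they sit on. `SAMPLE` is a trimmed, constructed copy of lines from the post, and the function names are hypothetical.

```python
# Constructed sample: a trimmed copy of lines from the configuration posted above.
SAMPLE = """\
url-filter policy teamview
 default-action permit
 category teamview action drop logging
#
app-profile 0_IPv4
 url-filter apply policy teamview
#
security-policy ip
 rule 0 name 192.168.0.7
  action pass
  profile 0_IPv4
  source-zone Trust
  destination-zone Untrust
 rule 1 name ips
  action pass
#
"""

def sections(text):
    """Split a configuration dump into {section header: [stripped body lines]}."""
    out, head = {}, None
    for line in text.splitlines():
        s = line.strip()                  # blank lines (double-spaced paste) fall through
        if s == "#":
            head = None                   # '#' closes the current section
        elif s and not line.startswith(" "):
            head, out[s] = s, []          # unindented line opens a new section
        elif s and head is not None:
            out[head].append(s)
    return out

def dpi_drop_paths(text):
    """Return (rule, source zone, destination zone, DPI policy, drop line) tuples."""
    sec, rules, found = sections(text), [], []
    for line in sec.get("security-policy ip", []):
        key, _, val = line.partition(" ")
        if key == "rule":
            rules.append({"rule": val})   # start of a new rule
        elif rules:
            rules[-1][key] = val          # last value wins if a key repeats
    for r in rules:
        for applied in sec.get(f"app-profile {r.get('profile')}", []):
            feature, _, name = applied.partition(" apply policy ")
            policy = f"{feature} policy {name}"
            for body in sec.get(policy, []):
                if "drop" in body.split():
                    found.append((r["rule"], r.get("source-zone"),
                                  r.get("destination-zone"), policy, body))
    return found
```

The script reads only the text it is given. Whether these rules are in force on the device (the dump also contains `security-policy disable`) has to be checked separately.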
