<H3C>dis cu
#
version 7.1.064, Release 9333P26
#
clock timezone UTC add 08:00:00
#
context Admin id 1
#
irf mac-address persistent timer
irf auto-update enable
undo irf link-delay
irf member 1 priority 32
irf member 2 priority 1
#
ospf 10
area 0.0.0.0
network 192.168.10.1 0.0.0.0
#
ip unreachables enable
ip ttl-expires enable
#
nat port-block synchronization enable
#
lldp global enable
#
password-recovery enable
#
vlan 1
#
vlan 1001
description BFD¼ì²â
#
irf-port 1/2
port group interface GigabitEthernet1/0/14
port group interface GigabitEthernet1/0/15
#
irf-port 2/1
port group interface GigabitEthernet2/0/14
port group interface GigabitEthernet2/0/15
#
object-group service ¸ßΣ
0 service tcp destination range 135 139
10 service udp destination range 135 139
20 service tcp destination eq 445
30 service udp
40 service tcp destination eq 177
60 service tcp destination eq 593
#
policy-based-route neiwang permit node 5
if-match acl 3000
apply next-hop 58.53.167.181
#
policy-based-route neiwang permit node 10
if-match acl 3001
apply next-hop 10.10.1.1
#
interface Reth1
ip address 192.168.10.1 255.255.255.0
member interface Route-Aggregation1 priority 255
member interface Route-Aggregation2 priority 1
nat hairpin enable
#
interface Route-Aggregation1
#
interface Route-Aggregation2
#
interface NULL0
#
interface Vlan-interface1001
description BFD¼ì²â
mad bfd enable
mad ip address 192.168.101.5 255.255.255.0 member 1
mad ip address 192.168.101.6 255.255.255.0 member 2
#
interface GigabitEthernet1/0/0
port link-mode route
ip address 192.168.0.1 255.255.255.0
#
interface GigabitEthernet1/0/1
port link-mode route
ip address 1.1.1.1 255.255.255.252
#
interface GigabitEthernet1/0/2
port link-mode route
#
interface GigabitEthernet1/0/4
port link-mode route
port link-aggregation group 1
#
interface GigabitEthernet1/0/5
port link-mode route
port link-aggregation group 1
#
interface GigabitEthernet1/0/6
port link-mode route
#
interface GigabitEthernet1/0/7
port link-mode route
#
interface GigabitEthernet1/0/8
port link-mode route
#
interface GigabitEthernet1/0/9
port link-mode route
#
interface GigabitEthernet1/0/10
port link-mode route
#
interface GigabitEthernet1/0/11
port link-mode route
description ceshi
ip address 172.16.1.1 255.255.255.252
#
interface GigabitEthernet1/0/12
port link-mode route
ip address 10.10.1.2 255.255.255.0
nat outbound
#
interface GigabitEthernet1/0/13
port link-mode route
ip address 58.53.167.185 255.255.255.224
ip last-hop hold
nat outbound
#
interface GigabitEthernet1/0/16
port link-mode route
#
interface GigabitEthernet1/0/17
port link-mode route
#
interface GigabitEthernet1/0/18
port link-mode route
#
interface GigabitEthernet1/0/19
port link-mode route
#
interface GigabitEthernet1/0/20
port link-mode route
#
interface GigabitEthernet1/0/21
port link-mode route
#
interface GigabitEthernet1/0/22
port link-mode route
#
interface GigabitEthernet1/0/23
port link-mode route
#
interface GigabitEthernet2/0/0
port link-mode route
#
interface GigabitEthernet2/0/1
port link-mode route
#
interface GigabitEthernet2/0/2
port link-mode route
#
interface GigabitEthernet2/0/4
port link-mode route
port link-aggregation group 2
#
interface GigabitEthernet2/0/5
port link-mode route
port link-aggregation group 2
#
interface GigabitEthernet2/0/6
port link-mode route
#
interface GigabitEthernet2/0/7
port link-mode route
#
interface GigabitEthernet2/0/8
port link-mode route
#
interface GigabitEthernet2/0/9
port link-mode route
#
interface GigabitEthernet2/0/10
port link-mode route
#
interface GigabitEthernet2/0/11
port link-mode route
#
interface GigabitEthernet2/0/12
port link-mode route
#
interface GigabitEthernet2/0/13
port link-mode route
#
interface GigabitEthernet2/0/16
port link-mode route
#
interface GigabitEthernet2/0/17
port link-mode route
#
interface GigabitEthernet2/0/18
port link-mode route
#
interface GigabitEthernet2/0/19
port link-mode route
#
interface GigabitEthernet2/0/20
port link-mode route
#
interface GigabitEthernet2/0/21
port link-mode route
#
interface GigabitEthernet2/0/22
port link-mode route
#
interface GigabitEthernet2/0/23
port link-mode route
#
interface GigabitEthernet1/0/3
port link-mode bridge
description BFD¼ì²â
port access vlan 1001
undo stp enable
#
interface GigabitEthernet2/0/3
port link-mode bridge
description BFD¼ì²â
port access vlan 1001
undo stp enable
#
interface GigabitEthernet1/0/14
#
interface GigabitEthernet1/0/15
#
interface GigabitEthernet2/0/14
#
interface GigabitEthernet2/0/15
#
security-zone name Local
attack-defense apply policy test
#
security-zone name Trust
import interface GigabitEthernet1/0/1
import interface GigabitEthernet1/0/11
import interface Reth1
attack-defense apply policy test
#
security-zone name DMZ
#
security-zone name Untrust
import interface GigabitEthernet1/0/12
import interface GigabitEthernet1/0/13
attack-defense apply policy test
#
security-zone name Management
import interface GigabitEthernet1/0/0
#
scheduler logfile size 16
#
line class aux
user-role network-operator
#
line class console
authentication-mode scheme
user-role network-admin
#
line class usb
user-role network-operator
#
line class vty
user-role network-operator
#
line aux 0
user-role network-admin
#
line aux 1
user-role network-operator
#
line con 0 1
user-role network-admin
#
line vty 0 4
authentication-mode scheme
user-role network-admin
idle-timeout 15 0
#
line vty 5 63
authentication-mode scheme
user-role network-admin
#
snmp-agent
snmp-agent local-engineid 800063A28074504EBFD1D400000001
snmp-agent community write private
snmp-agent community read public
snmp-agent sys-info version v2c v3
snmp-agent target-host trap address udp-domain 172.20.1.101 params securityname public v2c
snmp-agent target-host trap address udp-domain 172.21.1.101 udp-port 5000 params securityname public
snmp-agent trap enable arp
snmp-agent trap enable radius
snmp-agent trap enable stp
snmp-agent trap enable syslog
#
ssh server enable
#
ntp-service enable
ntp-service unicast-server 172.20.1.101
#
acl basic 2000
description WiFi
rule 5 permit source 172.10.32.0 0.0.15.255
rule 10 permit source 172.10.16.0 0.0.15.255
#
acl basic 2001
rule 5 permit source 172.20.4.0 0.0.0.255
#
acl advanced 3000
description У԰WiFi
rule 5 permit ip source 172.10.32.0 0.0.15.255
rule 10 permit ip source 172.10.16.0 0.0.15.255
#
acl advanced 3001
description °à°àͨ
rule 5 permit ip source 172.20.4.0 0.0.0.255
#
password-control enable
undo password-control aging enable
undo password-control history enable
password-control length 8
password-control login-attempt 3 exceed lock-time 30
password-control update-interval 0
#
domain system
#
domain default enable system
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group system
#
local-user admin class manage
service-type ssh terminal https
authorization-attribute user-role network-admin
password-control login-attempt 3 exceed lock-time 30
#
local-user root class manage
authorization-attribute user-role network-operator
password-control login-attempt 2 exceed lock
#
session statistics enable
session synchronization enable
session synchronization dns http
#
ipsec redundancy enable
ipsec logging negotiation enable
#
ike logging negotiation enable
#
ip https port 8443
ip https enable
webui log enable
#
blacklist global enable
#
attack-defense policy test
scan detect level medium action logging block-source
#
app-profile 1_IPv4
ips apply policy default mode protect
anti-virus apply policy default mode protect
#
app-profile 2_IPv4
ips apply policy default mode protect
anti-virus apply policy default mode protect
#
app-profile 6_IPv4
ips apply policy default mode protect
anti-virus apply policy default mode protect
#
inspect logging parameter-profile av_logging_default_parameter
#
inspect logging parameter-profile ips_logging_default_parameter
#
inspect logging parameter-profile url_logging_default_parameter
#
loadbalance isp file flash:/lbispinfo_v1.5.tp
#
traffic-policy
rule 1 name ÏÞËÙ²ßÂÔ
action qos profile ÏÞËÙͨµÀ
source-zone Truns
destination-zone Untrust
profile name ÏÞËÙͨµÀ
bandwidth downstream guaranteed 10000000
bandwidth downstream maximum 10000000
bandwidth upstream guaranteed 10000000
bandwidth upstream maximum 10000000
bandwidth upstream guaranteed per-ip 20480
bandwidth upstream maximum per-ip 20480
bandwidth downstream guaranteed per-ip 40960
bandwidth downstream maximum per-ip 40960
#
security-policy ip
rule 1 name trust-untrust
action pass
logging enable
counting enable
profile 1_IPv4
source-zone Trust
destination-zone Untrust
destination-zone Local
rule 2 name untrust-trust
action pass
logging enable
counting enable
profile 2_IPv4
source-zone Untrust
destination-zone Trust
destination-zone Local
service ssh
service-port tcp destination eq 8443
service-port tcp destination eq 9443
service-port tcp destination eq 22
service-port tcp destination eq 7443
service-port tcp destination eq 443
service-port tcp destination eq 65443
---- More ----%Nov 2 10:28:28:358 2024 Fxyz_JYW_FW SSHS/6/SSHS_LOG: -COntext=1; Connection closed by 79.110.62.93.
service-port tcp destination eq 9500
service-port tcp destination range 9000 9400
---- More ----%Nov 2 10:28:28:359 2024 Fxyz_JYW_FW SSHS/6/SSHS_DISCONNECT: -COntext=1; SSH user (IP: 79.110.62.93) disconnected from the server.
service-port tcp destination eq 8081
service-port tcp destination range 61616 61617
service-port tcp destination eq 50001
service-port tcp destination range 3121 3123
service-port tcp destination eq 9902
service-port tcp destination eq 8083
service-port tcp destination eq 80
service-port tcp destination eq 1935
service-port tcp destination eq 6080
service-port tcp destination range 5555 5570
service-port tcp destination eq 6060
service-port tcp destination eq 3389
service-port tcp destination eq 9022
service-port tcp destination eq 8080
service-port udp destination range 60000 65000
service-port udp destination eq 9902
rule 6 name local-any
action pass
logging enable
counting enable
profile 6_IPv4
source-zone Local
rule 7 name ¸ßΣ¶Ë¿Ú
counting enable
source-zone Untrust
destination-zone Trust
destination-zone Local
service ¸ßΣ
#
ips logging parameter-profile ips_logging_default_parameter
#
anti-virus logging parameter-profile av_logging_default_parameter
#
return
<Fxyz_JYW_FW>
H3C无法打开web页面
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
抄袭了我的内容
×
原文链接或出处
诽谤我
×
对根叔社区有害的内容
×
不规范转载
×
举报说明
暂无评论