防火墙双出口网络卡
- 0关注
- 0收藏,51浏览
配置文件看一下
配置我发在下面了
看配置没什么问题,而且你现在的配置也不是两条负载,是只走专线,按理说这个配置和你单走专线的情况是一样的,是不是专线带宽占满了导致卡顿的 ip route-static 0.0.0.0 0 GigabitEthernet1/0/1 36.151.68.33 preference 55 ip route-static 0.0.0.0 0 Dialer0
不会是跑满带宽导致的,因为用户反映,任意断开其中一条宽带,就恢复正常了,而且用户要求两条宽带要做负载
是因为发现有问题,所以临时配置了专线的宽带优先级55
配置如下:
<FW>dis cu
#
version 7.1.064, Release 8860P1211
#
sysname FW
#
clock protocol none
#
context Admin id 1
#
telnet server enable
#
irf mac-address persistent timer
irf auto-update enable
undo irf link-delay
irf member 1 priority 1
#
dialer-group 2 rule ip permit
#
dns server 8.8.8.8
dns server 114.114.114.114
#
sysid FW
#
password-recovery enable
#
vlan 1
#
vlan 10
#
object-group ip address FK
security-zone Trust
0 network subnet 10.100.251.0 255.255.255.0
#
object-group service SSLVPN
0 service tcp destination eq 4433
#
nqa template icmp gw
destination ip 218.2.135.1
#
interface Bridge-Aggregation10
port access vlan 10
#
interface Dialer0
mtu 1492
ppp chap password cipher $c$3$3XvsvzWq78brC2ipR/huDiLgl9rbMpglrA==
ppp chap user VJTyc515438410670000
ppp ipcp dns admit-any
ppp ipcp dns request
ppp pap local-user VJTyc515438410670000 password cipher $c$3$hPYolnbQ1gc1FvuVCLZt4KMdH6VOOJRVAA==
dialer bundle enable
dialer-group 2
dialer timer idle 0
dialer timer autodial 5
ip address ppp-negotiate
tcp mss 1400
#
interface NULL0
#
interface Vlan-interface10
ip address 10.100.10.3 255.255.255.0
#
interface GigabitEthernet1/0/0
port link-mode route
#
interface GigabitEthernet1/0/1
port link-mode route
description GuideWan Interface
ip address 36.151.68.47 255.255.255.224
ip last-hop hold
gateway 36.151.68.33
#
interface GigabitEthernet1/0/3
port link-mode route
ip last-hop hold
pppoe-client dial-bundle-number 0
#
interface GigabitEthernet1/0/4
port link-mode route
#
interface GigabitEthernet1/0/5
port link-mode route
#
interface GigabitEthernet1/0/6
port link-mode route
#
interface GigabitEthernet1/0/7
port link-mode route
#
interface GigabitEthernet1/0/8
port link-mode route
#
interface GigabitEthernet1/0/9
port link-mode route
#
interface GigabitEthernet1/0/10
port link-mode route
#
interface GigabitEthernet1/0/11
port link-mode route
#
interface GigabitEthernet1/0/12
port link-mode route
#
interface GigabitEthernet1/0/13
port link-mode route
#
interface GigabitEthernet1/0/14
port link-mode route
#
interface GigabitEthernet1/0/15
port link-mode route
#
interface GigabitEthernet1/0/18
port link-mode route
combo enable fiber
#
interface GigabitEthernet1/0/19
port link-mode route
combo enable fiber
#
interface GigabitEthernet1/0/20
port link-mode route
#
interface GigabitEthernet1/0/21
port link-mode route
#
interface GigabitEthernet1/0/22
port link-mode route
#
interface GigabitEthernet1/0/23
port link-mode route
#
interface GigabitEthernet1/0/24
port link-mode route
#
interface GigabitEthernet1/0/25
port link-mode route
#
interface GigabitEthernet1/0/2
port link-mode bridge
#
interface GigabitEthernet1/0/16
port link-mode bridge
port access vlan 10
combo enable fiber
port link-aggregation group 10
#
interface GigabitEthernet1/0/17
port link-mode bridge
port access vlan 10
combo enable fiber
port link-aggregation group 10
#
interface M-GigabitEthernet1/0/0
ip address 192.168.0.1 255.255.255.0
#
interface Ten-GigabitEthernet1/0/26
port link-mode route
#
interface Ten-GigabitEthernet1/0/27
port link-mode route
#
interface SSLVPN-AC1
ip address 10.100.100.1 255.255.255.0
#
security-zone name Local
#
security-zone name Trust
import interface Vlan-interface10
import interface Bridge-Aggregation10 vlan 10
import interface GigabitEthernet1/0/2 vlan 10
import interface GigabitEthernet1/0/16 vlan 10
import interface GigabitEthernet1/0/17 vlan 10
#
security-zone name DMZ
#
security-zone name Untrust
import interface Dialer0
import interface GigabitEthernet1/0/1
import interface GigabitEthernet1/0/3
#
security-zone name Management
import interface M-GigabitEthernet1/0/0
#
security-zone name SSLVPN
import interface SSLVPN-AC1
#
scheduler logfile size 16
#
line class console
authentication-mode scheme
user-role network-admin
#
line class vty
user-role network-operator
#
line con 0
user-role network-admin
#
line vty 0 4
authentication-mode scheme
user-role network-admin
idle-timeout 30 30
#
line vty 5 63
authentication-mode scheme
user-role network-admin
#
ip route-static 0.0.0.0 0 GigabitEthernet1/0/1 36.151.68.33 preference 55
ip route-static 0.0.0.0 0 Dialer0
ip route-static 10.100.0.0 16 Vlan-interface10 10.100.10.1
#
info-center loghost 127.0.0.1 port 3301 format default
info-center source CFGLOG loghost level informational
#
ssh server enable
#
acl advanced 3999
rule 0 permit ip
#
domain system
#
domain default enable system
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group system
#
local-user admin class manage
password hash $h$6$Gl+ntUknVatpizkY$8WYrCLp9PPH+Jgyyy4Uf0SSCsXt4vvcn+z4Stnbloa/ISK9tREIgc/8Ei7ufh6lCSvB2AlXNgF/cMlNUoUPN4w==
service-type ssh telnet terminal http https
authorization-attribute user-role level-3
authorization-attribute user-role network-admin
authorization-attribute user-role network-operator
#
local-user chenlongfei class network
password cipher $c$3$PrSIBWgF0THQ3Rkb8v7fZxnn2oEqz/MfuBEm
access-limit 3
service-type sslvpn
authorization-attribute user-role network-operator
authorization-attribute sslvpn-policy-group SSLVPN
description
#
local-user luotianyu class network
password cipher $c$3$DobmT+EbPboGWFsKkaZJvr47ocl7DXk8IuufaxY=
access-limit 2
service-type sslvpn
authorization-attribute user-role network-operator
authorization-attribute sslvpn-policy-group SSLVPN
description
#
local-user test class network
password cipher $c$3$RWVBeHbJzY1lziyHn2W/lXD/m4ncla2AAszzYw==
service-type sslvpn
authorization-attribute user-role network-operator
# attribute sslvpn-policy-group SSLVPN
---- More ----
public-key peer 127.0.0.1
public-key-code begin
30819F300D06092A864886F70D010101050003818D0030818902818100C5E8C3EE520DE8B6
0F41484B69EAD67E040C43A05D598286E946D8305D4B774C50A6948DC977FF91C1B423DA99
861FDF1DAD27DE57F7CACB85CA49EB59A355F0AE0E05D9BCD254C5AF18A321BBE770B87768
C9025D100FF9370725232FE7D8784C9F358734D9F42ACE28DF2D0AEC2B5D9C225EDC100AF5
DC0DCFED27DE46E4AD0203010001
public-key-code end
peer-public-key end
#
session statistics enable
#
nat global-policy
rule name GlobalPolicyRule_1
description GuideNat
source-zone Trust
destination-zone Untrust
action snat easy-ip
counting enable
#
ip https enable
#
blacklist global enable
#
app-profile 1_IPv4
ips apply policy default mode protect
data-filter apply policy default
url-filter apply policy default
file-filter apply policy default
anti-virus apply policy default mode protect
waf apply policy default mode protect
apt apply policy default
#
loadbalance link-group lg_all
transparent enable
success-criteria at-least 1
link lianlu1
weight 2
success-criteria at-least 1
probe gw
link lianlu2
weight 2
success-criteria at-least 1
probe gw
#
loadbalance isp file flash:/lbispinfo_v1.5.tp
#
loadbalance link lianlu1
router ip 36.151.68.33
#
loadbalance link lianlu2
router interface Dialer0
#
traffic-policy
all-traffic-control enable
rule 1 name FK_xiansu_50M
action qos profile fk_xiansu_50m
source-address address-set FK
source-zone Trust
destination-zone Untrust
profile name fk_xiansu_50m
bandwidth upstream maximum per-ip 50000
bandwidth downstream maximum per-ip 50000
#
sslvpn ip address-pool "SSLVPN IP" 10.100.100.10 10.100.100.100
sslvpn ip address-pool SSLVPN0.100.100.10 10.100.100.100
#
sslvpn gateway SSLVPN
ip address 36.151.68.47 port 4433
service enable
#
sslvpn context SSL
gateway SSLVPN
ip-tunnel interface SSLVPN-AC1
ip-tunnel address-pool SSLVPNask 255.255.255.0
ip-route-list
include 10.100.0.0 255.255.0.0
policy-group SSLVPN
filter ip-tunnel acl 3999
ip-tunnel access-route ip-route-list
force-logout max-onlines enable
service enable
#
security-policy ip
rule 2 name senbo
logging enable
source-zone Trust
destination-zone Untrust
source-ip-subnet 10.100.10.0 255.255.255.0
source-ip-subnet 10.100.230.0 255.255.254.0
source-ip-subnet 10.100.240.0 255.255.254.0
rule 1 name any-any
action pass
logging enable
profile 1_IPv4
rule 0 name GuideSecPolicy
action pass
source-zone Trust
destination-zone Untrust
destination-zone DMZ
#
security-policy ipv6
#
cloud-management server domain opstunnel-seccloud.h3c.com
#
return
编辑答案
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
- 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
- 3. 是哪家企业?(营业执照,单位登记证明等证件)
- 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
抄袭了我的内容
×
原文链接或出处
诽谤我
×
- 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
对根叔社区有害的内容
×
不规范转载
×
举报说明
是因为发现有问题,所以临时配置了专线的宽带优先级55