
H3C SecPath F100-C-EI: command to permit traffic from DMZ to trust

Asked 2020-04-27

Problem description:

#
 sysname f100-c
#
 undo firewall packet-filter enable
 firewall packet-filter default permit
#
 insulate
#
 undo firewall statistic system enable
#
radius scheme system
 server-type extended
#
domain system
#
local-user admin
 password simple hytera
 service-type telnet terminal level 3
 service-type ftp
#
acl number 2000
 rule 0 permit source 10.0.2.0 0.0.0.255
#
acl number 3000
 rule 0 deny ip destination 192.168.0.0 0.0.255.255
 rule 100 deny ip destination 70.70.1.0 0.0.0.255
 rule 101 deny ip destination 20.190.0.0 0.0.255.255
 rule 102 permit ip
 rule 200 permit ip source 20.180.0.0 0.0.0.255
acl number 3050
 rule 0 permit ip
#
interface Aux0
 async mode flow
#
interface Ethernet0/0
 description toDIP
 ip address 10.110.36.251 255.255.255.0
 nat outbound 3000
 nat server protocol tcp global 10.110.36.251 33898 inside 20.180.5.80 22
 nat server protocol tcp global 10.110.36.251 33899 inside 20.180.0.88 22
 nat server protocol tcp global 10.110.36.251 33893 inside 20.180.0.63 ftp
 nat server protocol tcp global 10.110.36.251 33892 inside 20.180.0.62 ftp
 nat server protocol udp global 10.110.36.251 33893 inside 20.180.0.63 22
 nat server protocol udp global 10.110.36.251 5067 inside 20.180.0.62 5067
 nat server protocol tcp global 10.110.36.251 8050 inside 20.180.0.65 8050
 nat server protocol tcp global 10.110.36.251 9010 inside 20.180.0.62 9010
 nat server protocol tcp global 10.110.36.251 33891 inside 20.180.0.89 3688
 nat server protocol udp global 10.110.36.251 20100 inside 20.180.0.63 20100
 nat server protocol udp global 10.110.36.251 20101 inside 20.180.0.63 20101
 nat server protocol udp global 10.110.36.251 20102 inside 20.180.0.63 20102
 nat server protocol udp global 10.110.36.251 20103 inside 20.180.0.63 20103
 nat server protocol udp global 10.110.36.251 20104 inside 20.180.0.63 20104
 nat server protocol udp global 10.110.36.251 20105 inside 20.180.0.63 20105
 nat server protocol udp global 10.110.36.251 20106 inside 20.180.0.63 20106
 nat server protocol udp global 10.110.36.251 20107 inside 20.180.0.63 20107
 nat server protocol udp global 10.110.36.251 20108 inside 20.180.0.63 20108
 nat server protocol udp global 10.110.36.251 20109 inside 20.180.0.63 20109
 nat server protocol udp global 10.110.36.251 20110 inside 20.180.0.63 20110
 nat server protocol udp global 10.110.36.251 20111 inside 20.180.0.63 20111
 nat server protocol udp global 10.110.36.251 20112 inside 20.180.0.63 20112
 nat server protocol udp global 10.110.36.251 20113 inside 20.180.0.63 20113
 nat server protocol udp global 10.110.36.251 20114 inside 20.180.0.63 20114
 nat server protocol udp global 10.110.36.251 20115 inside 20.180.0.63 20115
 nat server protocol udp global 10.110.36.251 20116 inside 20.180.0.63 20116
 nat server protocol udp global 10.110.36.251 20117 inside 20.180.0.63 20117
 nat server protocol udp global 10.110.36.251 20118 inside 20.180.0.63 20118
 nat server protocol udp global 10.110.36.251 20119 inside 20.180.0.63 20119
 nat server protocol udp global 10.110.36.251 20120 inside 20.180.0.63 20120
 nat server protocol udp global 10.110.36.251 20121 inside 20.180.0.63 20121
 nat server protocol udp global 10.110.36.251 20122 inside 20.180.0.63 20122
 nat server protocol udp global 10.110.36.251 20123 inside 20.180.0.63 20123
 nat server protocol udp global 10.110.36.251 20124 inside 20.180.0.63 20124
 nat server protocol udp global 10.110.36.251 20125 inside 20.180.0.63 20125
 nat server protocol udp global 10.110.36.251 20126 inside 20.180.0.63 20126
 nat server protocol udp global 10.110.36.251 20127 inside 20.180.0.63 20127
 nat server protocol udp global 10.110.36.251 20128 inside 20.180.0.63 20128
 nat server protocol udp global 10.110.36.251 20129 inside 20.180.0.63 20129
 nat server protocol udp global 10.110.36.251 20130 inside 20.180.0.63 20130
 nat server protocol udp global 10.110.36.251 20131 inside 20.180.0.63 20131
 nat server protocol udp global 10.110.36.251 20132 inside 20.180.0.63 20132
 nat server protocol udp global 10.110.36.251 20133 inside 20.180.0.63 20133
 nat server protocol udp global 10.110.36.251 20134 inside 20.180.0.63 20134
 nat server protocol udp global 10.110.36.251 20135 inside 20.180.0.63 20135
 nat server protocol udp global 10.110.36.251 20136 inside 20.180.0.63 20136
 nat server protocol udp global 10.110.36.251 20137 inside 20.180.0.63 20137
 nat server protocol udp global 10.110.36.251 20138 inside 20.180.0.63 20138
 nat server protocol udp global 10.110.36.251 20139 inside 20.180.0.63 20139
 nat server protocol udp global 10.110.36.251 20140 inside 20.180.0.63 20140
 nat server protocol udp global 10.110.36.251 20141 inside 20.180.0.63 20141
 nat server protocol udp global 10.110.36.251 20142 inside 20.180.0.63 20142
 nat server protocol udp global 10.110.36.251 20143 inside 20.180.0.63 20143
 nat server protocol udp global 10.110.36.251 20144 inside 20.180.0.63 20144
 nat server protocol udp global 10.110.36.251 20145 inside 20.180.0.63 20145
 nat server protocol udp global 10.110.36.251 20146 inside 20.180.0.63 20146
 nat server protocol udp global 10.110.36.251 20147 inside 20.180.0.63 20147
 nat server protocol udp global 10.110.36.251 20148 inside 20.180.0.63 20148
 nat server protocol udp global 10.110.36.251 20149 inside 20.180.0.63 20149
 nat server protocol udp global 10.110.36.251 20150 inside 20.180.0.63 20150
 nat server protocol udp global 10.110.36.251 20151 inside 20.180.0.63 20151
 nat server protocol udp global 10.110.36.251 20152 inside 20.180.0.63 20152
 nat server protocol udp global 10.110.36.251 20153 inside 20.180.0.63 20153
 nat server protocol udp global 10.110.36.251 20154 inside 20.180.0.63 20154
 nat server protocol udp global 10.110.36.251 20155 inside 20.180.0.63 20155
 nat server protocol udp global 10.110.36.251 20156 inside 20.180.0.63 20156
 nat server protocol udp global 10.110.36.251 20157 inside 20.180.0.63 20157
 nat server protocol udp global 10.110.36.251 20158 inside 20.180.0.63 20158
 nat server protocol udp global 10.110.36.251 20159 inside 20.180.0.63 20159
 nat server protocol udp global 10.110.36.251 20160 inside 20.180.0.63 20160
 nat server protocol udp global 10.110.36.251 20161 inside 20.180.0.63 20161
 nat server protocol udp global 10.110.36.251 20162 inside 20.180.0.63 20162
 nat server protocol udp global 10.110.36.251 20163 inside 20.180.0.63 20163
 nat server protocol udp global 10.110.36.251 20164 inside 20.180.0.63 20164
 nat server protocol udp global 10.110.36.251 20165 inside 20.180.0.63 20165
 nat server protocol udp global 10.110.36.251 20166 inside 20.180.0.63 20166
 nat server protocol udp global 10.110.36.251 20167 inside 20.180.0.63 20167
 nat server protocol udp global 10.110.36.251 20168 inside 20.180.0.63 20168
 nat server protocol udp global 10.110.36.251 20169 inside 20.180.0.63 20169
 nat server protocol udp global 10.110.36.251 20170 inside 20.180.0.63 20170
 nat server protocol udp global 10.110.36.251 20171 inside 20.180.0.63 20171
 nat server protocol udp global 10.110.36.251 20172 inside 20.180.0.63 20172
 nat server protocol udp global 10.110.36.251 20173 inside 20.180.0.63 20173
 nat server protocol udp global 10.110.36.251 20174 inside 20.180.0.63 20174
 nat server protocol udp global 10.110.36.251 20175 inside 20.180.0.63 20175
 nat server protocol udp global 10.110.36.251 20176 inside 20.180.0.63 20176
 nat server protocol udp global 10.110.36.251 20177 inside 20.180.0.63 20177
 nat server protocol udp global 10.110.36.251 20178 inside 20.180.0.63 20178
 nat server protocol udp global 10.110.36.251 20179 inside 20.180.0.63 20179
 nat server protocol udp global 10.110.36.251 20180 inside 20.180.0.63 20180
 nat server protocol udp global 10.110.36.251 20181 inside 20.180.0.63 20181
 nat server protocol udp global 10.110.36.251 20182 inside 20.180.0.63 20182
 nat server protocol udp global 10.110.36.251 20183 inside 20.180.0.63 20183
 nat server protocol udp global 10.110.36.251 20184 inside 20.180.0.63 20184
 nat server protocol udp global 10.110.36.251 20185 inside 20.180.0.63 20185
 nat server protocol udp global 10.110.36.251 20186 inside 20.180.0.63 20186
 nat server protocol udp global 10.110.36.251 20187 inside 20.180.0.63 20187
 nat server protocol udp global 10.110.36.251 20188 inside 20.180.0.63 20188
 nat server protocol udp global 10.110.36.251 20189 inside 20.180.0.63 20189
 nat server protocol udp global 10.110.36.251 20190 inside 20.180.0.63 20190
 nat server protocol udp global 10.110.36.251 20191 inside 20.180.0.63 20191
 nat server protocol udp global 10.110.36.251 20192 inside 20.180.0.63 20192
 nat server protocol udp global 10.110.36.251 20193 inside 20.180.0.63 20193
 nat server protocol udp global 10.110.36.251 20194 inside 20.180.0.63 20194
 nat server protocol udp global 10.110.36.251 20195 inside 20.180.0.63 20195
 nat server protocol udp global 10.110.36.251 20196 inside 20.180.0.63 20196
 nat server protocol udp global 10.110.36.251 20197 inside 20.180.0.63 20197
 nat server protocol udp global 10.110.36.251 20198 inside 20.180.0.63 20198
 nat server protocol udp global 10.110.36.251 20199 inside 20.180.0.63 20199
 nat server protocol tcp global 10.110.36.251 40001 inside 20.180.0.31 22
 nat server protocol tcp global 10.110.36.251 40002 inside 20.180.0.33 22
 nat server protocol tcp global 10.110.36.251 33894 inside 20.180.0.63 3688
 nat server protocol tcp global 10.110.36.251 33897 inside 20.180.0.62 22
 nat server protocol tcp global 10.110.36.251 3389 inside 20.190.0.3 3389
 nat server protocol tcp global 10.110.36.251 46000 inside 20.180.100.80 46000
 nat server protocol tcp global 10.110.36.251 46001 inside 20.180.100.80 46001
 nat server protocol tcp global 10.110.36.251 8040 inside 20.180.100.50 8040
 nat server protocol tcp global 10.110.36.251 8030 inside 20.180.100.50 8030
 nat server protocol tcp global 10.110.36.251 5067 inside 20.180.100.50 5067
#
interface Ethernet0/1
 ip address 20.180.0.2 255.255.255.0
#
interface Ethernet0/2
 ip address 20.180.4.2 255.255.255.0
#
interface Ethernet0/3
 description toMPT
 ip address 20.180.100.2 255.255.255.224
#
interface Ethernet0/4
 description toSW1/0/47
#
interface Encrypt1/0
#
interface Tunnel100
 ip address 20.181.0.1 255.255.255.0
 source 10.110.36.251
 destination 10.110.36.252
#
interface NULL0
#
interface LoopBack1
 ip address 20.0.3.247 255.255.255.255
#
firewall zone local
 set priority 100
#
firewall zone trust
 add interface Ethernet0/2
 add interface Ethernet0/4
 set priority 85
#
firewall zone untrust
 set priority 5
#
firewall zone DMZ
 add interface Ethernet0/0
 add interface Ethernet0/1
 add interface Ethernet0/3
 set priority 50
#
firewall interzone local trust
#
firewall interzone local untrust
#
firewall interzone local DMZ
#
firewall interzone trust untrust
#
firewall interzone trust DMZ
#
firewall interzone DMZ untrust
#
 info-center source default channel 2 debug state on
 info-center loghost 192.168.69.14 facility local5
#
 FTP server enable
#
 ip route-static 0.0.0.0 0.0.0.0 10.110.36.1 preference 60
 ip route-static 20.180.1.0 255.255.255.0 20.180.4.1 preference 60
 ip route-static 20.180.2.0 255.255.255.0 20.180.4.1 preference 60
 ip route-static 20.180.3.0 255.255.255.0 20.180.4.1 preference 60
 ip route-static 20.180.4.0 255.255.255.0 20.180.4.1 preference 60
 ip route-static 20.180.5.0 255.255.255.0 20.180.4.1 preference 60
 ip route-static 20.180.6.0 255.255.255.0 20.180.4.1 preference 60
 ip route-static 20.180.7.0 255.255.255.0 20.180.4.1 preference 60
 ip route-static 20.180.8.0 255.255.255.0 20.180.4.1 preference 60
 ip route-static 20.180.12.0 255.255.255.0 20.180.4.1 preference 60
 ip route-static 20.180.100.0 255.255.255.0 20.180.100.1 preference 60
 ip route-static 20.190.0.0 255.255.0.0 10.110.36.252 preference 60
 ip route-static 40.18.8.0 255.255.255.0 10.110.36.100 preference 60
 ip route-static 40.19.8.0 255.255.255.0 10.110.36.100 preference 60
 ip route-static 70.70.1.0 255.255.255.0 10.110.36.29 preference 60
#
 snmp-agent
 snmp-agent local-engineid 000063A27F00000100001515
 snmp-agent community read public
 snmp-agent sys-info version all
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
 authentication-mode scheme
#
return


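Currently the upstream device 10.110.36.1 cannot ping 20.180.4.2, the interface IP in this firewall's trust zone. The interface connecting to the upstream device has been added to the DMZ zone. How can I let the DMZ ping the trust security zone, that is, let 10.110.36.1 ping 20.180.4.2? What is the command?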

Best answer

David1, rank 3

Just configure an interzone policy:

firewall interzone DMZ trust

firewall interzone trust DMZ


That policy has already been configured, but 20.180.4.2 still cannot be pinged.

zhiliao_O0U4v, posted 2020-04-27

1. Check whether the trust zone has the 20.180.4.2 address added. 2. Check the route from 10.110.36.1 to 20.180.4.2.

David1, posted 2020-04-27
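
The two checks suggested in the thread (which zone holds the interface that owns 20.180.4.2, and which path each address takes) can be run against a saved configuration. This is an added example, not part of the thread: `parse`, `zone_of` and `zone_pair` are hypothetical helper names, and the embedded excerpt is trimmed from the configuration posted in the question.

```python
import ipaddress

# Excerpt of the configuration posted in the question (only the lines this check reads).
CONFIG = """\
interface Ethernet0/0
 ip address 10.110.36.251 255.255.255.0
#
interface Ethernet0/2
 ip address 20.180.4.2 255.255.255.0
#
firewall zone trust
 add interface Ethernet0/2
#
firewall zone DMZ
 add interface Ethernet0/0
#
 ip route-static 0.0.0.0 0.0.0.0 10.110.36.1 preference 60
 ip route-static 20.180.5.0 255.255.255.0 20.180.4.1 preference 60
"""

def parse(config):
    """Return (interface -> address, interface -> zone, [(network, next hop)])."""
    addrs, zones, routes, section = {}, {}, [], []
    for line in config.splitlines():
        words = line.split()
        if not line.startswith(" "):  # an unindented line opens a new section
            section = words
        elif words[:2] == ["ip", "address"] and section[:1] == ["interface"]:
            addrs[section[1]] = ipaddress.ip_interface(f"{words[2]}/{words[3]}")
        elif words[:2] == ["add", "interface"] and section[:2] == ["firewall", "zone"]:
            zones[words[2]] = section[2]
        elif words[:2] == ["ip", "route-static"]:
            routes.append((ipaddress.ip_network(f"{words[2]}/{words[3]}"), words[4]))
    return addrs, zones, routes

def zone_of(ip, addrs, zones, routes):
    """Zone of the interface the firewall uses to reach ip (longest-prefix match)."""
    ip = ipaddress.ip_address(ip)
    cands = [(i.network, name, None) for name, i in addrs.items() if ip in i.network]
    cands += [(net, None, hop) for net, hop in routes if ip in net]
    if not cands:
        return None
    _, ifname, hop = max(cands, key=lambda c: c[0].prefixlen)
    # A static route is resolved by looking up its next hop on the connected networks.
    return zones.get(ifname) if ifname else zone_of(hop, addrs, zones, [])

def zone_pair(src, dst, config=CONFIG):
    """Zones a src -> dst flow enters and leaves by; this pair selects the interzone policy."""
    parsed = parse(config)
    return zone_of(src, *parsed), zone_of(dst, *parsed)
```

It reads only the firewall's own zones and routes; the upstream device's route toward 20.180.4.2 still has to be checked on that device.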