
[MVS] Huawei Firewall Route-Mode Typical Network Configuration Case - Static Routes

Published 2024-09-13

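Network Topology and Description

Network description:

This case uses the firewall in the ENSP simulator to deploy a typical route-mode configuration. The security zones are clearly marked in the network topology diagram, and static routes provide connectivity between the PCs across the whole network.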

 

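Configuration approach:

1. Configure the IP addresses and static routes according to the network topology diagram.

2. Configure the firewall's security zones and security policy.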

 

Configuration Steps

R1

<Huawei>u t m

Info: Current terminal monitor is off.

<Huawei>u t d

Info: Current terminal debugging is off.

<Huawei>system

Enter system view, return user view with Ctrl+Z.

[Huawei]sysname R1

[R1]int gi 0/0/2

[R1-GigabitEthernet0/0/2]ip address 192.168.10.1 24

[R1-GigabitEthernet0/0/2]quit

[R1]int gi 0/0/1

[R1-GigabitEthernet0/0/1]ip address 10.0.0.1 30

[R1-GigabitEthernet0/0/1]quit

 

[R1]ip route-static 192.168.20.0 24 10.0.0.2

 

FW1

<USG6000V1>u t m

Info: Current terminal monitor is off.

<USG6000V1>u t d

Info: Current terminal debugging is off.

<USG6000V1>system

Enter system view, return user view with Ctrl+Z.

[USG6000V1]sysname FW1

[FW1]int gi 1/0/1

[FW1-GigabitEthernet1/0/1]ip address 10.0.0.2 30

[FW1-GigabitEthernet1/0/1]quit

[FW1]int gi 1/0/2

[FW1-GigabitEthernet1/0/2]ip address 192.168.20.1 24

[FW1-GigabitEthernet1/0/2]quit

 

[FW1]ip route-static 192.168.10.0 24 10.0.0.1

 

[FW1]firewall zone trust

[FW1-zone-trust]add int gi 1/0/2

[FW1-zone-trust]quit

[FW1]firewall zone untrust

[FW1-zone-untrust]add int gi 1/0/1

[FW1-zone-untrust]quit

[FW1]security-policy

[FW1-policy-security]default action permit

Warning:Setting the default packet filtering to permit poses security risks. You

 are advised to configure the security policy based on the actual data flows. Ar

e you sure you want to continue?[Y/N]y

[FW1-policy-security]quit
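
The default action permit step above allows every inter-zone flow through FW1, which is the risk the device warning describes. As an added example (not part of the original article), the same lab connectivity can be kept with the default action set back to deny and two explicit rules. The rule names are hypothetical, and ICMP is assumed to be the only traffic required because the article verifies with ping.

```text
# Added example, not from the original article. Lines starting with "#" are
# annotations for the reader, not commands to type. Rule names are hypothetical.
[FW1]security-policy
# Restore the deny-by-default behaviour that "default action permit" replaced.
[FW1-policy-security]default action deny
# Allow the PC in trust (192.168.20.0/24) to ping the PC behind R1 (192.168.10.0/24).
[FW1-policy-security]rule name trust_to_untrust_icmp
[FW1-policy-security-rule-trust_to_untrust_icmp]source-zone trust
[FW1-policy-security-rule-trust_to_untrust_icmp]destination-zone untrust
[FW1-policy-security-rule-trust_to_untrust_icmp]source-address 192.168.20.0 24
[FW1-policy-security-rule-trust_to_untrust_icmp]destination-address 192.168.10.0 24
[FW1-policy-security-rule-trust_to_untrust_icmp]service icmp
[FW1-policy-security-rule-trust_to_untrust_icmp]action permit
[FW1-policy-security-rule-trust_to_untrust_icmp]quit
# Allow pings initiated from the untrust side, needed only because the lab
# tests ping in both directions; omit this rule if that is not required.
[FW1-policy-security]rule name untrust_to_trust_icmp
[FW1-policy-security-rule-untrust_to_trust_icmp]source-zone untrust
[FW1-policy-security-rule-untrust_to_trust_icmp]destination-zone trust
[FW1-policy-security-rule-untrust_to_trust_icmp]source-address 192.168.10.0 24
[FW1-policy-security-rule-untrust_to_trust_icmp]destination-address 192.168.20.0 24
[FW1-policy-security-rule-untrust_to_trust_icmp]service icmp
[FW1-policy-security-rule-untrust_to_trust_icmp]action permit
[FW1-policy-security-rule-untrust_to_trust_icmp]quit
[FW1-policy-security]quit
# Check that both rules are present and that their hit counts rise during the ping test.
[FW1]display security-policy rule all
```

With these rules in place, any inter-zone flow other than ICMP between the two PC subnets falls through to the default deny.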

 

Use the dis ip routing-table command to view the routing tables of FW1 and R1; both show the route to the peer's network.

 

Configure an IP address on each PC; the PCs can then ping each other.

 

This completes the Huawei firewall route-mode typical network configuration case (static routes).