eNSP企业私有网络添加防火墙

一、网络拓扑图
企业私有网络的搭建参考：https://blog.csdn.net/Bilise/article/details/105586449

（1）添加防火墙并对其进行配置

<SRG>sys
[SRG]sysname FW1
[FW1]firewall zone trust
[FW1-zone-trust]add interface GigabitEthernet 0/0/2
[FW1-zone-trust]quit
[FW1]firewall zone untrust
[FW1-zone-untrust]add interface GigabitEthernet 0/0/1
[FW1-zone-untrust]quit
[FW1]inter GigabitEthernet 0/0/2
[FW1-GigabitEthernet0/0/2]ip address 192.168.5.2 24
[FW1-GigabitEthernet0/0/2]quit
[FW1]interface GigabitEthernet 0/0/1
[FW1-GigabitEthernet0/0/1]ip address 192.168.56.2 24
[FW1-GigabitEthernet0/0/1]quit
[FW1]ip route-static 0.0.0.0 0 192.168.174.1
[FW1]policy interzone trust untrust outbound
[FW1-policy-interzone-trust-untrust-outbound]policy 0
[FW1-policy-interzone-trust-untrust-outbound-0]action permit
[FW1-policy-interzone-trust-untrust-outbound-0]policy source 172.16.0.0 0.0.255.255
[FW1-policy-interzone-trust-untrust-outbound-0]quit
[FW1-policy-interzone-trust-untrust-outbound]quit
[FW1]nat-policy interzone trust untrust outbound
[FW1-nat-policy-interzone-trust-untrust-outbound]policy 1
[FW1-nat-policy-interzone-trust-untrust-outbound-1]action source-nat
[FW1-nat-policy-interzone-trust-untrust-outbound-1]policy source 172.16.0.0 0.0.255.255
[FW1-nat-policy-interzone-trust-untrust-outbound-1]easy-ip GigabitEthernet 0/0/1
[FW1-nat-policy-interzone-trust-untrust-outbound-1]quit
[FW1-nat-policy-interzone-trust-untrust-outbound]quit
[FW1]ospf 1
[FW1-ospf-1]default-route-advertise always cost 200 type 1
[FW1-ospf-1]area 0
[FW1-ospf-1-area-0.0.0.0]network 192.168.5.0 0.0.0.255

（2）配置R2

<R1>sys
[R1]inter GigabitEthernet 0/0/2
[R1-GigabitEthernet0/0/2]ip address 192.168.5.1 24
[R1-GigabitEthernet0/0/2]quit
[R1]ip route-static 192.168.56.0 24 192.168.5.2
[R1]ospf 1
[R1-ospf-1]area 0
[R1-ospf-1-area-0.0.0.0]network 192.168.5.0 0.0.0.255

（3)关闭windows防火墙（避免影响实验）

二、测试
使用三台PC机，访问外网映射网卡的IP


设置没有让PC3通过，所以ping不通