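Huawei Firewall: Management Configuration

1. Build the following topology in eNSP and plan the IP addresses as required (X is the last two digits of your student ID).

[Image 1: topology diagram]

2. Log in through the console port

(1) Log in to the USG firewall through the console port

(2) Configure the USG device name, time, and so on

3. Enable the SSH service

(1) Enable the SSH service

(2) Create the SSH administrator account

(3) Generate the local key pair

(4) Configure the VTY user interface

(5) Configure the SSH login interface

(6) From the router, log in to the firewall over SSH to test whether the configuration works, and take a screenshot of the result

4. Log in to the device through the web interface

Note: By default, GE0/0/0 on the device has the IP address 192.168.0.1 and HTTPS management is enabled. Users can log in with the username admin and the password Admin@123.

(1) Set the IP address of the management PC to 192.168.0.10/24.

(2) On the management PC, browse to https://192.168.0.1:8443, enter the username admin and the password Admin@123, and check whether you can log in to the device. A successful login means the configuration works; otherwise, check the configuration.

(3) After changing the password of the default administrator account, click "OK" to enter the web interface.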

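Detailed steps for the firewall management configuration

1. Build the following topology in eNSP and plan the IP addresses as required (X is the last two digits of your student ID).

2. Console port configuration

(1) Log in to the USG firewall through the console port

[Image 2]

(2) Configure the USG device name, time, and so on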

<USG6000V1>system

[USG6000V1]sysname yinsl_USG

[yinsl_USG]quit

<yinsl_USG>clock timezone UTC add 8

<yinsl_USG>clock datetime 17:26:00 2019-3-9

<yinsl_USG>display clock

2019-03-09 17:26:07+08:00

Saturday

Time Zone(UTC) : UTC+08:00

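[Image 3]

3. Enable the SSH service

a. Enable the SSH service on the interface and add the interface to the Trust security zone

[yinsl_USG]interface GigabitEthernet 1/0/0     // configure the SSH login interface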

[yinsl_USG-GigabitEthernet1/0/0]ip address 10.0.0.1 24

[yinsl_USG-GigabitEthernet1/0/0]service-manage enable

[yinsl_USG-GigabitEthernet1/0/0]service-manage ssh permit

[yinsl_USG-GigabitEthernet1/0/0]quit

[yinsl_USG]firewall zone trust

[yinsl_USG-zone-trust]add interface g 1/0/0

[yinsl_USG-zone-trust]quit

b. Set the authentication mode to AAA

[yinsl_USG]user-interface vty 0 4

[yinsl_USG-ui-vty0-4]authentication-mode aaa

[yinsl_USG-ui-vty0-4]user privilege level 15

[yinsl_USG-ui-vty0-4]protocol inbound ssh

[yinsl_USG-ui-vty0-4]quit

c. Create the SSH administrator account

[yinsl_USG]aaa  // create the SSH administrator account: yinsl + huawei@123

[yinsl_USG-aaa]manager-user yinsl   

[yinsl_USG-aaa-manager-user-yinsl]service-type ssh

[yinsl_USG-aaa-manager-user-yinsl]password

Enter Password:   

Confirm Password:

[yinsl_USG-aaa-manager-user-yinsl]quit

[yinsl_USG-aaa]bind manager-user yinsl role system-admin

[yinsl_USG-aaa]quit

d. Generate the local key pair and enable the SSH service

[yinsl_USG]rsa local-key-pair create    // generate the local key pair

[yinsl_USG]stelnet server enable     // enable the SSH service

e. Configure the SSH user

[yinsl_USG]ssh user yinsl

[yinsl_USG]ssh user yinsl authentication-type password

[yinsl_USG]ssh user yinsl service-type stelnet

From the router, log in to the firewall over SSH to test whether the configuration works. Screenshot of the test result:

[Router]interface GigabitEthernet 0/0/0

[Router-GigabitEthernet0/0/0]ip address 10.0.0.10 24

[Router-GigabitEthernet0/0/0]quit

[Router]ssh client first-time enable

[Router]stelnet 10.0.0.1

Please input the username:yinsl

Trying 10.0.0.1 ...

Press CTRL+K to abort

Connected to 10.0.0.1 ...

The server is not authenticated. Continue to access it? (y/n)[n]:y

Save the server's public key? (y/n)[n]:y

The server's public key will be saved with the name 10.0.0.1. Please wait...

Enter password:

*************************************************************************

*         Copyright (C) 2014-2015 Huawei Technologies Co., Ltd.         *

*                           All rights reserved.                        *

*               Without the owner's prior written consent,              *

*        no decompiling or reverse-engineering shall be allowed.        *

*************************************************************************

Info: The max number of VTY users is 10, and the number

      of current VTY users on line is 3.

      The current login time is 2019-03-09 20:38:42+08:00.

<yinsl_USG>sys

Enter system view, return user view with Ctrl+Z.
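The management-plane settings from steps a to e and the router login above can be checked offline against saved configuration text. The following Python script is an added example, not part of the original write-up; the sample configuration is constructed, and the function name audit and the choice of checks are assumptions made for illustration.

```python
import re

# Constructed sample in the style of this page's configuration (not captured
# from a device). The last line is router-side; it is merged in for brevity.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/0
 service-manage enable
 service-manage ssh permit
 service-manage telnet permit
#
user-interface vty 0 4
 authentication-mode aaa
 user privilege level 15
 protocol inbound all
#
ssh user yinsl authentication-type password
ssh client first-time enable
"""

CLEARTEXT = {"telnet", "http"}  # management services that send credentials unencrypted

def audit(config):
    """Return findings for risky management-plane settings in a saved config."""
    findings, section = [], ""
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "#":
            continue
        if not raw.startswith(" "):          # unindented line opens a new section
            section = line
        m = re.fullmatch(r"service-manage (\S+) permit", line)
        if m and m.group(1) in CLEARTEXT:
            findings.append(f"{section}: cleartext management service '{m.group(1)}' permitted")
        m = re.fullmatch(r"protocol inbound (\S+)", line)
        if m and section.startswith("user-interface vty") and m.group(1) != "ssh":
            findings.append(f"{section}: VTY accepts '{m.group(1)}', restrict to ssh")
        m = re.fullmatch(r"authentication-mode (\S+)", line)
        if m and section.startswith("user-interface vty") and m.group(1) != "aaa":
            findings.append(f"{section}: authentication-mode '{m.group(1)}' is not aaa")
        m = re.fullmatch(r"ssh user (\S+) authentication-type password", line)
        if m:
            findings.append(f"ssh user {m.group(1)}: password-only authentication")
        if line == "ssh client first-time enable":
            findings.append("ssh client: first-time enable accepts unverified host keys")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```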
