H3C SecPath F100-C 防火墙默认配置

    H3C SecPath F100-C 防火墙默认配置

   XX市一船物公司的H3C F100-C防火墙默认配置,只要求能接入Internet。
    组网环境,一台 H3C F100-C防火墙、一台48口杂牌子的傻瓜交换机、PC直接连入48口交换机。
    F100-C WAN口接ADSL Modem ,LAN口接交换机。
    H3C F100-C的配置信息:
[H3C] display current-configuration
#
 sysname H3C           
#
 firewall packet-filter enable                             
 firewall packet-filter default permit
#
 connection-limit disable                        
 connection-limit default deny                             
 connection-limit default amount upper-limit 50 lower-limit 20
#
 dialer-rule 1 ip permit                       
#
 firewall statistic system enable                                
#
radius scheme system                   
#
domain system            
#
local-user admin               
 password simple 123456aA                          
 service-type telnet terminal                            
 level 3       
 service-type ftp                
#
acl number 2000              
 rule 0 permit source 192.168.0.0 0.0.0.255
#
interface Dialer1                
 link-protocol ppp                 
 ppp pap local-user xx********@163 password simple 123456
 tcp mss 1024            
 ip address ppp-negotiate                        
 dialer user adsl                
 dialer-group 1              
 dialer bundle 1               
 nat outbound 2000                 
#
interface Ethernet1/0                    
 tcp mss 1024            
 ip address 192.168.0.1 255.255.255.0
#
interface Ethernet2/0                    
 speed 10        
 duplex full           
 pppoe-client dial-bundle-number 1
 tcp mss 1024            
 ip address dhcp-alloc                     
#
interface NULL0              
#
firewall zone local                  
 set priority 100                
#
firewall zone trust                  
 set priority 85               
#
firewall zone untrust                    
 add interface Ethernet2/0                         
 add interface Dialer1                     
 set priority 5              
#
firewall zone DMZ                
 set priority 50
#
firewall interzone local trust
#
firewall interzone local untrust
#
firewall interzone local DMZ
#
firewall interzone trust untrust
#
firewall interzone trust DMZ
#
firewall interzone DMZ untrust
#
 FTP server enable
#
 ip route-static 0.0.0.0 0.0.0.0 Dialer 1 preference 60
#
user-interface con 0
user-interface vty 0 4
 authentication-mode scheme
#
return
   (只做了个PPPoE的拨号,其他设置都是此防火墙默认设置)

你可能感兴趣的:(职场,h3c,休闲,F100-C)