Firewall Network Security Lab: Configuring the Topology for Interconnection

Posted by gd-hn-mzh


1. Lab topology:

[Figure: lab topology diagram; the image is not included in the extracted page]


2. Interconnecting the network topology:

The IP address configuration of the routers, switches and hosts is omitted.

The VLAN configuration of switch LSW1 (sysname SW1) is shown below. VLAN 10 holds the single uplink port towards the firewall, VLAN 20 holds the host ports; everything else is still in VLAN 1 and down:

[SW1]disp vlan
The total number of vlans is : 3
--------------------------------------------------------------------------------
U: Up;         D: Down;         TG: Tagged;         UT: Untagged;
MP: Vlan-mapping;               ST: Vlan-stacking;
#: ProtocolTransparent-vlan;    *: Management-vlan;
--------------------------------------------------------------------------------

VID  Type    Ports                                                          
--------------------------------------------------------------------------------
1    common  UT:Eth0/0/4(D)     Eth0/0/5(D)     Eth0/0/6(D)     Eth0/0/7(D)     
                Eth0/0/8(D)     Eth0/0/9(D)     Eth0/0/10(D)    Eth0/0/11(D)    
                Eth0/0/12(D)    Eth0/0/13(D)    Eth0/0/14(D)    Eth0/0/15(D)    
                Eth0/0/16(D)    Eth0/0/17(D)    Eth0/0/18(D)    Eth0/0/19(D)    
                Eth0/0/20(D)    Eth0/0/21(D)    Eth0/0/22(D)    GE0/0/1(D)      
                GE0/0/2(D)                                                      

10   common  UT:Eth0/0/1(U)                                                     

20   common  UT:Eth0/0/2(U)     Eth0/0/3(U)

Static route configuration on switch LSW1 (a default route towards the firewall's 11.0.0.10): ip route-static 0.0.0.0 0.0.0.0 Vlanif10 11.0.0.10

Routing table of switch LSW1:

[SW1]disp ip rout
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 7        Routes : 7        

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

        0.0.0.0/0   Static  60   0           D   11.0.0.10       Vlanif10
       10.1.1.0/24  Direct  0    0           D   10.1.1.1        Vlanif20
       10.1.1.1/32  Direct  0    0           D   127.0.0.1       Vlanif20
       11.0.0.0/24  Direct  0    0           D   11.0.0.1        Vlanif10
       11.0.0.1/32  Direct  0    0           D   127.0.0.1       Vlanif10
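The following LSW1 configuration reproduces the VLAN table and routing table shown above. It is an added example reconstructed from the display output, not configuration copied from the original post. Port membership and the Vlanif addresses are taken directly from the output; the interface descriptions, and the assumption that Eth0/0/1 is the uplink to FW1 GigabitEthernet1/0/1 (11.0.0.10) and that Eth0/0/2 and Eth0/0/3 carry hosts in 10.1.1.0/24, are inferences from the addresses rather than facts stated on the page.

```text
sysname SW1
#
vlan batch 10 20
#
interface Ethernet0/0/1
 description uplink-to-FW1-GE1/0/1 (assumption)
 port link-type access
 port default vlan 10
#
interface Ethernet0/0/2
 description host-port-10.1.1.0/24 (assumption)
 port link-type access
 port default vlan 20
#
interface Ethernet0/0/3
 description host-port-10.1.1.0/24 (assumption)
 port link-type access
 port default vlan 20
#
interface Vlanif10
 ip address 11.0.0.1 255.255.255.0
#
interface Vlanif20
 ip address 10.1.1.1 255.255.255.0
#
ip route-static 0.0.0.0 0.0.0.0 Vlanif10 11.0.0.10
```

After applying this, `display vlan` should list Eth0/0/1 under VID 10 and Eth0/0/2 and Eth0/0/3 under VID 20 as untagged members, and `display ip routing-table` should show the two direct Vlanif prefixes plus the static default, exactly as in the output above. Note that the hosts in 10.1.1.0/24 reach the firewall only through the switch's Vlanif20/Vlanif10 hop, so the firewall needs a return route for 10.1.1.0/24 via 11.0.0.1; the firewall's static route configured later on this page provides it.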

Static route configuration on router AR1 (a default route towards the firewall's 202.0.0.10): ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 202.0.0.10

Interface configuration of firewall FW1:

[FW1]disp ip int bri
2020-06-18 12:55:44.820
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
(d): Dampening Suppressed
(E): E-Trunk down
The number of interface that is UP in Physical is 6
The number of interface that is DOWN in Physical is 4
The number of interface that is UP in Protocol is 6
The number of interface that is DOWN in Protocol is 4

Interface                         IP Address/Mask      Physical   Protocol  
GigabitEthernet0/0/0              172.16.0.10/24       up         up        
GigabitEthernet1/0/0              202.0.0.10/24        up         up        
GigabitEthernet1/0/1              11.0.0.10/24         up         up        
GigabitEthernet1/0/2              12.0.0.10/24         up         up 

The firewall interfaces are added to security zones as follows (trust has the inside and the link to LSW1, untrust has the link to AR1, dmz has the 12.0.0.0/24 segment):

[FW1]disp zone
local
 priority is 100
 interface of the zone is (0):
#
trust
 priority is 85
 interface of the zone is (2):
    GigabitEthernet0/0/0
    GigabitEthernet1/0/1
#
untrust
 priority is 5
 interface of the zone is (1):
    GigabitEthernet1/0/0
#
dmz
 priority is 50
 interface of the zone is (1):
    GigabitEthernet1/0/2
View the default security policy of firewall FW1 (only the built-in default rule exists, and its action is deny, so no interzone traffic passes yet):

[FW1]disp security-policy rule all
2020-06-18 12:59:14.270  
Total:1
RULE ID  RULE NAME                         STATE      ACTION       HITS
--------------------------------------------------------------------------------------------
0        default                           enable     deny         0
--------------------------------------------------------------------------------------------
Set the default action of FW1's security policy to permit so that connectivity between the firewall and the other devices can be tested. The warning the firewall prints is accurate: with the default action set to permit every interzone flow is allowed and the firewall behaves like a plain router, so this is acceptable only as a temporary lab step. Once reachability is confirmed, the default should go back to deny and the real flows should be permitted by explicit rules.

[FW1]security-policy
[FW1-policy-security]default action permit
Warning:Setting the default packet filtering to permit poses security risks. You are advised to configure the security policy based on the actual data flows. Are you sure you want to continue?[Y/N]y
[FW1-policy-security]

Static route configuration of firewall FW1 (a default route towards AR1 and a return route for the host subnet behind LSW1):

ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet1/0/0 202.0.0.1
ip route-static 10.1.1.0 255.255.255.0 GigabitEthernet1/0/1 11.0.0.1
Test connectivity between the firewall and the other devices. [omitted]

One point to check before relying on these routes: the default routes of AR1 and FW1 point at each other. AR1 sends 0.0.0.0/0 to 202.0.0.10 (FW1 GigabitEthernet1/0/0), and FW1 sends 0.0.0.0/0 to 202.0.0.1, presumably AR1's GigabitEthernet0/0/0 (the page does not show AR1's address, so this is an inference). A packet for a destination that neither device has a specific route for therefore bounces between them until its TTL expires. This is harmless for the lab pings, which only target directly attached prefixes and 10.1.1.0/24, but a router meant to stand in for the Internet should carry specific routes for the inside prefixes (10.1.1.0/24, 11.0.0.0/24, 12.0.0.0/24, 172.16.0.0/24) towards FW1 rather than a default route.
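The following FW1 configuration, an added example rather than configuration taken from the original post, collects the interface addresses, zone membership and static routes shown above and replaces the temporary `default action permit` with explicit rules plus `default action deny`, which is what the firewall's own warning recommends. The interface descriptions, the rule names and the chosen set of permitted flows (inside hosts to untrust, inside hosts to the dmz segment, and ICMP from trust to the firewall itself for the ping test) are assumptions about what the lab traffic looks like; adjust them to the flows actually tested.

```text
sysname FW1
#
interface GigabitEthernet0/0/0
 ip address 172.16.0.10 255.255.255.0
#
interface GigabitEthernet1/0/0
 description to-AR1-untrust (assumption)
 ip address 202.0.0.10 255.255.255.0
#
interface GigabitEthernet1/0/1
 description to-LSW1-vlan10 (assumption)
 ip address 11.0.0.10 255.255.255.0
#
interface GigabitEthernet1/0/2
 description dmz-segment (assumption)
 ip address 12.0.0.10 255.255.255.0
#
firewall zone trust
 add interface GigabitEthernet0/0/0
 add interface GigabitEthernet1/0/1
#
firewall zone untrust
 add interface GigabitEthernet1/0/0
#
firewall zone dmz
 add interface GigabitEthernet1/0/2
#
ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet1/0/0 202.0.0.1
ip route-static 10.1.1.0 255.255.255.0 GigabitEthernet1/0/1 11.0.0.1
#
security-policy
 rule name trust_to_untrust
  source-zone trust
  destination-zone untrust
  source-address 10.1.1.0 24
  source-address 172.16.0.0 24
  action permit
 rule name trust_to_dmz
  source-zone trust
  destination-zone dmz
  source-address 10.1.1.0 24
  source-address 172.16.0.0 24
  destination-address 12.0.0.0 24
  action permit
 rule name ping_firewall
  source-zone trust
  destination-zone local
  service icmp
  action permit
 default action deny
```

With this in place `display security-policy rule all` lists the three named rules ahead of the default rule, and the HITS column shows which rule each test ping matched, which is the check the zero-hit table above invites. Because the firewall is stateful, reply packets of a permitted session are accepted without a reverse rule; untrust-to-trust and dmz-to-trust connections that nobody initiated from inside fall through to `default action deny`.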

 
