Firewall network information security lab: configuring the topology for interconnectivity
Posted gd-hn-mzh
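1. Lab topology:
2. Interconnecting the network topology:
The IP address configuration of the routers, switches, and hosts is omitted.
The VLAN configuration on switch LSW1 is as follows: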
[SW1]disp vlan
The total number of vlans is : 3
--------------------------------------------------------------------------------
U: Up; D: Down; TG: Tagged; UT: Untagged;
MP: Vlan-mapping; ST: Vlan-stacking;
#: ProtocolTransparent-vlan; *: Management-vlan;
--------------------------------------------------------------------------------
VID Type Ports
--------------------------------------------------------------------------------
1 common UT:Eth0/0/4(D) Eth0/0/5(D) Eth0/0/6(D) Eth0/0/7(D)
Eth0/0/8(D) Eth0/0/9(D) Eth0/0/10(D) Eth0/0/11(D)
Eth0/0/12(D) Eth0/0/13(D) Eth0/0/14(D) Eth0/0/15(D)
Eth0/0/16(D) Eth0/0/17(D) Eth0/0/18(D) Eth0/0/19(D)
Eth0/0/20(D) Eth0/0/21(D) Eth0/0/22(D) GE0/0/1(D)
GE0/0/2(D)
10 common UT:Eth0/0/1(U)
20 common UT:Eth0/0/2(U) Eth0/0/3(U)
Route configuration on switch LSW1: ip route-static 0.0.0.0 0.0.0.0 Vlanif10 11.0.0.10
Routing table of switch LSW1:
[SW1]disp ip rout
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 7 Routes : 7
Destination/Mask Proto Pre Cost Flags NextHop Interface
0.0.0.0/0 Static 60 0 D 11.0.0.10 Vlanif10
10.1.1.0/24 Direct 0 0 D 10.1.1.1 Vlanif20
10.1.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif20
11.0.0.0/24 Direct 0 0 D 11.0.0.1 Vlanif10
11.0.0.1/32 Direct 0 0 D 127.0.0.1 Vlanif10
Route configuration on router AR1: ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 202.0.0.10
Interface configuration of firewall FW1:
[FW1]disp ip int bri
2020-06-18 12:55:44.820
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
(d): Dampening Suppressed
(E): E-Trunk down
The number of interface that is UP in Physical is 6
The number of interface that is DOWN in Physical is 4
The number of interface that is UP in Protocol is 6
The number of interface that is DOWN in Protocol is 4
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 172.16.0.10/24 up up
GigabitEthernet1/0/0 202.0.0.10/24 up up
GigabitEthernet1/0/1 11.0.0.10/24 up up
GigabitEthernet1/0/2 12.0.0.10/24 up up
Add the corresponding firewall interfaces to their security zones:
[FW1]disp zone
local
priority is 100
interface of the zone is (0):
#
trust
priority is 85
interface of the zone is (2):
GigabitEthernet0/0/0
GigabitEthernet1/0/1
#
untrust
priority is 5
interface of the zone is (1):
GigabitEthernet1/0/0
#
dmz
priority is 50
interface of the zone is (1):
GigabitEthernet1/0/2
View the default security policy on firewall FW1:
[FW1]disp security-policy rule all
2020-06-18 12:59:14.270
Total:1
RULE ID RULE NAME STATE ACTION HITS
--------------------------------------------------------------------------------------------
0 default enable deny 0
---------------------------------------------------------------------------------------------
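Set the default security policy action on firewall FW1 to permit, then test connectivity between the firewall and the other devices. With only the default rule present, this passes all inter-zone traffic, so it is a temporary lab setting for the connectivity test.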
[FW1]security-policy
[FW1-policy-security]default action permit
Warning:Setting the default packet filtering to permit poses security risks. You
are advised to configure the security policy based on the actual data flows. Ar
e you sure you want to continue?[Y/N]y
[FW1-policy-security]
Route configuration on firewall FW1:
ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet1/0/0 202.0.0.1
ip route-static 10.1.1.0 255.255.255.0 GigabitEthernet1/0/1 11.0.0.1
Test connectivity between the firewall and the other devices. [Omitted]
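As an added example (not part of the original post), the Python sketch below checks the FW1 static routes against the interface and zone output shown above: each next hop must lie on the subnet of the named egress interface, and the security zone that the route exits into is reported. The sample input is constructed from the output on this page, and the function names are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample input, copied from the FW1 output shown on this page.
INTERFACES = """\
GigabitEthernet0/0/0 172.16.0.10/24 up up
GigabitEthernet1/0/0 202.0.0.10/24 up up
GigabitEthernet1/0/1 11.0.0.10/24 up up
GigabitEthernet1/0/2 12.0.0.10/24 up up
"""
ZONES = ("trust\npriority is 85\ninterface of the zone is (2):\n"
         "GigabitEthernet0/0/0\nGigabitEthernet1/0/1\n#\n"
         "untrust\npriority is 5\ninterface of the zone is (1):\nGigabitEthernet1/0/0\n#\n"
         "dmz\npriority is 50\ninterface of the zone is (1):\nGigabitEthernet1/0/2\n")
ROUTES = """\
ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet1/0/0 202.0.0.1
ip route-static 10.1.1.0 255.255.255.0 GigabitEthernet1/0/1 11.0.0.1
"""

def parse_interfaces(text):
    """Map interface name -> IPv4Interface from 'display ip interface brief' rows."""
    rows = (l.split()[:2] for l in text.splitlines() if l.strip())
    return {name: ipaddress.ip_interface(addr) for name, addr in rows}

def parse_zones(text):
    """Map interface name -> zone name from 'display zone' output."""
    zone, out = None, {}
    lines = [l.strip() for l in text.splitlines()]
    for i, line in enumerate(lines):
        if i + 1 < len(lines) and lines[i + 1].startswith("priority is"):
            zone = line  # a zone name is the line right before its priority
        elif re.match(r"[A-Za-z-]*Ethernet[\d/]+$", line):
            out[line] = zone
    return out

def audit_routes(routes, ifaces, zones):
    """Return (destination, egress zone, next hop on egress subnet?) per route."""
    result = []
    for line in (l for l in routes.splitlines() if l.strip()):
        _, _, dest, mask, ifname, next_hop = line.split()
        net = ipaddress.ip_network(f"{dest}/{mask}")
        on_link = ipaddress.ip_address(next_hop) in ifaces[ifname].network
        result.append((str(net), zones.get(ifname), on_link))
    return result

if __name__ == "__main__":
    for row in audit_routes(ROUTES, parse_interfaces(INTERFACES), parse_zones(ZONES)):
        print(row)
```

A route whose third field is False points at a next hop the egress interface cannot reach directly, which is a common cause of a failed connectivity test before any policy is involved.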