[FW1-policy-interzone--trust-dmz-outbound-5]policy service service-set http//配置允许通过浏览器访问 [FW1-policy-interzone--trust-dmz-outbound-5]policy service service-set icmp//配置表示允许ping命令;(可以配置能通过服务器的HTTP,而PING服务器不通;)[FW1-policy-interzone-trust-dmz-outbound-5]...
[FW1-nat-policy-interzone-trust-untrust-outbound-10]policy source 192.168.1.0 mask 24 (放行转换之前的地址,某一段地址)[FW1-policy-interzone-trust-untrust-outbound-20]policy service service-set icmp//不配置表示允许所有;[FW1-policy-interzone-trust-untrust-outbound-20]action permit 注意:按照...
1.在没有配置策略的情况下,设备任何地址都能正常登陆,当配置上policy 0的时候策略没有生效 policy interzone local untrust inbound firewall default packet-filter is permit policy 0 (0 times matched) action permit policy service service-set https policy service service-set ssh policy source 32.23.20.254...
firewall default packet-filter is deny policy 1 (2 times matched) action permit policy service service-set icmp (predefined) policy source any policy destination 172.16.1.1 0 policy 2 (4 times matched) action permit policy service service-set telnet (predefined) policy source any policy destinatio...
[FW1-object-service-set-toserver]service 2 protocol tcp destination-port 21 //服务顺序1 协议为 tcp 目标端口21 第二步: 开启策略: [FW1]policy interzone untrust dmz inbound //开启untrust区到dmz区方向的流量,并进入该策略 [FW1-policy-interzone-dmz-untrust-inbound]policy 10 //创建策略10,并进...
policy source address-setsetname policy destination address-setsetname policy service service-set servicename policy time-rangemarch 3、 策略查询及更新 策略配置完成后,有时需要对配置情况进行查询,或者进行更新,可以参照如下命令进行。 policy interzonetrust untrustoutbound ...
policy014:09:082014/07/08[FW-policy-interzone-dmz-untrust-inbound-0]policydestination 10.0.3.3 014:09:372014/07/08[FW-policy-interzone-dmz-untrust-inbound-0]policyservice service-set telnet[FW-policy-interzone-dmz-untrust-inbound-0]actionpermit14:09:552014/07/08[FW-policy-interzone-dmz-...
policy source 10.1.1.1 0 policy destination 20.1.1.1 0 display policy interzone ahang huawei inbound 域内: policy zone huawei policy 1 action deny policy service service-set icmp policy source 30.1.1.1 0 policy destination 20.1.1.1 0
policy service service-set e1 policy source 172.1.1.1 0 policy destination 21.1.1.1 0 nat-policy interzone trust untrust inbound //源NAT policy 1 action source-nat policy source 172.1.1.1 0 easy-ip GigabitEthernet0/0/1 因为client做源NAT转换,为了防止client直接通过21.1.1.1:80访问服务器,需要配置...
policy service service-set telnet policy destination 172.16.1.1 0 查看会话: [huaweiFW]display policy interzone untrust dmz inbound 15:17:51 2015/02/02 policy interzone dmz untrust inbound firewall default packet-filter is deny policy 1 (2 times matched) ...