[H3C]object-group ip address trust1[H3C-obj-grp-ip-trust1]network subnet 192.168.0.0 24[H3C-obj-grp-ip-trust1]quit[H3C]object-group ip address untrust1[H3C-obj-grp-ip-untrust1]network subnet 192.168.10.0 24[H3C-obj-grp-ip-untrust1]quit ...
destination-ip object-group-name 缺省情况下,未配置目的IPv4地址过滤条件。 ¡ 配置作为安全策略规则过滤条件的目的IPv4主机地址。 destination-ip-host ip-address 缺省情况下,未配置目的主机IPv4主机地址过滤条件。 ¡ 配置作为安全策略规则过滤条件的目的IPv4子网地址。 destination-ip-subnet ip-address { mask-...
rule rule-id append { application application-name | app-group app-group-name | destination-ip object-group-name | service object-group-name | source-ip object-group-name } 缺省情况下,不存在规则的附加条件 1.2.5 安全域间实例应用对象策略 安全域间实例上同种类型的对象策略只能应用一个,即只能...
0networkhostaddress10.21.32.16 # object-groupipaddress远端数据备份服务器 0networksubnet192.168.2.0255.255.255.0 # object-groupservice端口 0servicetcpsourcerangexxxdestinationrangexxx # policy-based-routegzxjpermitnode5 if-matchacl3004 applynext-hopX.X.X.X # policy-based-routegzxjpermitnode10...
H3C M9000配置笔记 设备管理方式配置: intM-g1/0/0/0//进入管理口并配置IP ipaddress security-zonenametrust//将管理口加入到trust区域 importinterfaceM-g1/0/0/0 aclnu2000//创建ACL并允许合法用户管理 rulepermitsourceX.X.X.X zone-pairsecuritysourcetrustdestinationlocal//配置域间策略,放行trust...
acl [ ipv6 ] { advanced | basic } { acl-number | name acl-name } [ match-order { auto | config } ] 定义一个基本IPv4ACL规则 rule [ rule-id ] { deny | permit } [ counting | fragment | logging | source { object-group address-group-name | source-address source-wildcard | any...
[H3C]object-group ip address trust1[H3C-obj-grp-ip-trust1]network subnet 192.168.0.0 24[H3C-obj-grp-ip-trust1]quit[H3C]object-group ip address untrust1[H3C-obj-grp-ip-untrust1]network subnet 192.168.10.0 24[H3C-obj-grp-ip-untrust1]quit ...
参考的http://www.h3c.com/cn/Service/Document_Software/Document_Center/IP_Security/FW_VPN/F10X0/...
0networkhostaddress10.21.32.16 # object-groupipaddress远端数据备份服务器 0networksubnet192.168.2.0255.255.255.0 # object-groupservice端口 0servicetcpsourcerangexxxdestinationrangexxx # policy-based-routegzxjpermitnode5 if-matchacl3004 applynext-hopX.X.X.X # policy-based-routegzxjpermitnode10...