source-zone local 源区域---防火墙 destination-zone trust 目的区域---trust信任区 destination-zone untrust 目的区域---untrust非信区域 action permit 动作是 允许放行 rule name ospf2 创建一个叫 ospf2的策略 source-zone trust 源区域---trust信任区 source-zone untrust 源区域---untrust非信任区 destinat...
某防火墙安全策略配置如下 : rule name pc1 to pc2 permit source-zone trust destination-zone untrust source-address 192.168.10.0 24 destination-address 172.16.10.0 0.0.0.255 service icmp action permit 假设下面的主机全部存在且开启,则下面描述正确的一项是( ) A.主机192.168.10.1能通过网络与主机172.16....
rule name policy-nat1 source-zone trust destination-zone untrust source-address 192.168.1.0 24 destination-address any action soure-nat address-group addressgroup1 //采用源地址 NAT,把 192.168.1.0/24 网段转换为 addressgroup1 的公网地址 4. 防火墙方向 trust 到 dmz 区域的流量 security-policy rule ...
某防火墙安全策略配置如下 : rule name pc1 to pc2 permit source-zone trust destination-zone untrust source-address 192.168.10.0 24 destination-address 172.16.10.0 0.0.0.255 service icmp action permit 假设下面的主机全部存在且开启,则下面描述正确的一项是( )A.主机192.168.10.1能通过网络与主机172.16....
关于安全策略配置命令 security-policy ,rule name rulet , source-zone trust , destination-zone untrust , source-address 10.1.0.0 0.0.255.255 ,service icrnp action deny”以下哪项是正确的? A 禁止从trust区城访euntrust区域且日的地址为10.1.10.10主机的ICMP报文。
policy_nat_1 source-zone trust destination-zone untrust source-address range 10.3.0.51 10.3.0.100 action source-nat address-group addressgroup1 rule name policy_nat_2 source-zone trust destination-zone untrust source-address range 10.3.0.101 10.3.0.150 action source-nat address-group addressgroup2 ...
nat-policy rule name SNAT_for_Internet source-zone trust destination-zone untrust source-address 10.1.1.0 24 action source-nat address-group Public_Address security-policy rule name Policy_for_Internet source-zone trust destination-zone untrust source-address 10.1.1.0 24 action permit For...
[USG-poicy-tfic-rule-policy1]source-zonetrust[uS&pocy-trdffic-rule-policy1]detination-zoneuntrust[SRgiraffic-rule-policy1]source-address192.168.1.0mask255255.255[usG-policy-traffic-rule-policyl]destination-address192.168.2.0mask255.255.255.0[USG-policy-traffic-rule-policy1]actionqosprofileclass1以下...
[FW]display current-configuration\ip service-setnat_traversal type object 512 service 0 protocoludp source-port 500 destination-port 500 service1 protocol udp source-port 4500 destination-port4500\ security- Policy rule name nat_traversalsource-zone local source-zone untrustdestination-zone local destin...
[FW]firewall interzone trust untrust [FW-interzone-trust-untrust]packet-filter 3000 outbound 十、NAT地址转换技术 静态NAT:固定的一对一IP地址映射 [R1]interface e0/0/1 [接口视图]ip address 192.1.1.1 30 [接口视图]nat static global 192.1.1.2 inside 10.1.1.2 ...