华赛USG5120配置
14:55:58 2010/12/07
#
# ACL 2000 matches source 192.168.0.0 with wildcard 0.0.255.255, i.e. the whole
# 192.168.0.0/16 range. It is referenced further down by the trust-untrust
# interzone packet filter and by the outbound NAT rule.
acl number 2000
rule 0 permit source 192.168.0.0 0.0.255.255
#
sysname USG5120
#
# NOTE(review): web management is switched on, and this file sets the default
# action between local and untrust to permit, so nothing here restricts the web
# interface to the inside network. Confirm whether this release serves it over
# HTTP or HTTPS and limit which sources can reach it.
web-manager enable
#
info-center timestamp debugging date
#
# Default action for every zone pair, in both directions, is set to permit.
# Any traffic that no explicit interzone packet-filter matches is therefore
# forwarded. Inbound means from the lower-priority zone to the higher-priority
# one, so "local untrust inbound" covers traffic from the outside to the
# firewall itself and "trust untrust inbound" covers outside-to-inside traffic.
# NOTE(review): this leaves the device without a deny-by-default baseline. The
# usual hardening is to set these defaults to deny and add explicit permits;
# put rules for management access in place first so the change does not lock
# administrators out.
firewall packet-filter default permit interzone local trust direction inbound
firewall packet-filter default permit interzone local trust direction outbound
firewall packet-filter default permit interzone local untrust direction inbound
firewall packet-filter default permit interzone local untrust direction outbound
firewall packet-filter default permit interzone local dmz direction inbound
firewall packet-filter default permit interzone local dmz direction outbound
firewall packet-filter default permit interzone local vzone direction inbound
firewall packet-filter default permit interzone local vzone direction outbound
firewall packet-filter default permit interzone trust untrust direction inbound
firewall packet-filter default permit interzone trust untrust direction outbound
firewall packet-filter default permit interzone trust dmz direction inbound
firewall packet-filter default permit interzone trust dmz direction outbound
firewall packet-filter default permit interzone trust vzone direction inbound
firewall packet-filter default permit interzone trust vzone direction outbound
firewall packet-filter default permit interzone dmz untrust direction inbound
firewall packet-filter default permit interzone dmz untrust direction outbound
firewall packet-filter default permit interzone untrust vzone direction inbound
firewall packet-filter default permit interzone untrust vzone direction outbound
firewall packet-filter default permit interzone dmz vzone direction inbound
firewall packet-filter default permit interzone dmz vzone direction outbound
#
# Source-NAT pool 1 holds a single address, the same address that is configured
# on GigabitEthernet0/0/0 below.
nat address-group 1 101.102.103.152 101.102.103.152
#
dhcp enable
#
# NOTE(review): system-level firewall statistics are turned off here. Confirm
# that monitoring or attack-defence features on this release do not depend on
# them before keeping this line.
undo firewall statistic system enable
#
# Cellular interface running PPP; no address or zone membership is configured
# for it in this file.
interface Cellular0/1/0
link-protocol ppp
#
# Outside (public) interface, 101.102.103.152/28. It is placed in the untrust
# zone further down.
interface GigabitEthernet0/0/0
description Outside
ip address 101.102.103.152 255.255.255.240
#
# No address configured, but the port is a member of the trust zone below.
interface GigabitEthernet0/0/1
#
# Inside interface, 192.168.100.253/24, member of the trust zone.
interface GigabitEthernet0/0/2
description Inside
ip address 192.168.100.253 255.255.255.0
#
# No address and no zone membership in this file.
interface GigabitEthernet0/0/3
#
interface NULL0
#
# Security zones and their priorities: local 100, trust 85, dmz 50, untrust 5,
# vzone 0. Only trust (GigabitEthernet0/0/1 and 0/0/2) and untrust
# (GigabitEthernet0/0/0) have member interfaces; dmz and vzone are empty.
# NOTE(review): GigabitEthernet0/0/1 is unaddressed yet already trusted, so a
# device plugged into it lands in the trust zone. Remove it from the zone or
# shut the port if it is unused.
firewall zone local
set priority 100
#
firewall zone trust
set priority 85
add interface GigabitEthernet0/0/1
add interface GigabitEthernet0/0/2
#
firewall zone untrust
set priority 5
add interface GigabitEthernet0/0/0
#
firewall zone dmz
set priority 50
#
firewall zone vzone
set priority 0
#
# Trust -> untrust (outbound) traffic is filtered by ACL 2000 and source-NATed
# to address-group 1. No inbound packet-filter is defined for this zone pair,
# so untrust -> trust traffic falls through to the default action, which this
# file sets to permit.
# NOTE(review): add an explicit inbound policy, or a deny default, so that
# outside-initiated traffic towards the inside is not accepted by omission.
firewall interzone trust untrust
packet-filter 2000 outbound
nat outbound 2000 address-group 1
#
# AAA: a single local account "admin" at level 3, allowed to log in through the
# web interface and telnet; the default authentication, authorization and
# accounting schemes and the default domain carry no further settings here.
# NOTE(review): telnet sends the login in clear text. Prefer SSH for CLI access
# if this release supports it, and drop telnet from the service types.
# NOTE(review): the "cipher" string is the stored form of the admin password,
# and older VRP cipher encodings are reported to be reversible. A configuration
# shared with this line intact should be treated as having exposed the
# password: rotate it and redact the value before publishing the file.
aaa
local-user admin password cipher ]MQ;4\]B+4Z,YWX*NZ55OA!!
local-user admin service-type web telnet
local-user admin level 3
authentication-scheme default
#
authorization-scheme default
#
accounting-scheme default
#
domain default
#
#
right-manager server-group
#
slb
#
# Default route out of the outside interface via 101.102.103.145, and a route
# for 192.168.0.0/16 via 192.168.100.254 on the inside interface. The inside
# route covers the same range that ACL 2000 permits.
ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 101.102.103.145
ip route-static 192.168.0.0 255.255.0.0 GigabitEthernet0/0/2 192.168.100.254
#
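# Login lines.
# tty 9 accepts modem calls in both directions (modem both), so it must not be
# left without authentication: it now uses AAA, like the vty lines, instead of
# authentication-mode none. The admin account in the aaa section is limited to
# the web and telnet service types, so confirm which account, if any, should be
# allowed to log in on this line.
# con 0 has no authentication-mode line in this file; confirm the console
# default on this release and keep physical access to the device controlled.
# vty 0 4 authenticates through AAA with privilege level 3 set on the lines.
user-interface con 0
user-interface tty 9
authentication-mode aaa
modem both
user-interface vty 0 4
authentication-mode aaa
user privilege level 3
#
return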