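14.1 Firewall Login Configuration
![Image [1] - Chapter 14 Security - 大赛人网](https://www.dsrw.com/wp-content/uploads/2023/03/图片38-4-1024x566.png)
![Image [2] - Chapter 14 Security - 大赛人网](https://www.dsrw.com/wp-content/uploads/2023/03/图片39-4-1024x694.png)
1. Bridging the firewall
1) The password must be changed at first login (default account: admin, default password: Admin@123)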
Username:admin
Password:Admin@123
The password needs to be changed. Change now? [Y/N]: Y
Please enter old password:
Please enter new password:
Please confirm new password:
Error: New passwords are different.
Info: Your password has been changed. Save the change to survive a reboot.
*************************************************************************
* Copyright (C) 2014-2018 Huawei Technologies Co., Ltd. *
* All rights reserved. *
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
*************************************************************************
<USG6000V1>
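2) Configure the interface address
[FW1]interface GigabitEthernet 0/0/0
[FW1-GigabitEthernet0/0/0]ip address 192.168.10.2 24
// Consistent with the host PC's VMnet1 network adapter
[FW1-GigabitEthernet0/0/0]service-manage ping permit
// Allow the FW interface to be pinged
3) Test connectivity between the PC and the firewall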
C:\Users\HP>ping 192.168.10.2
正在 Ping 192.168.10.1 具有 32 字节的数据:
来自 192.168.10.1 的回复: 字节=32 时间<1ms TTL=64
来自 192.168.10.1 的回复: 字节=32 时间<1ms TTL=64
来自 192.168.10.1 的回复: 字节=32 时间<1ms TTL=64
来自 192.168.10.1 的回复: 字节=32 时间<1ms TTL=64
192.168.10.1 的 Ping 统计信息:
数据包: 已发送 = 4,已接收 = 4,丢失 = 0 (0% 丢失),
往返行程的估计时间(以毫秒为单位):
最短 = 0ms,最长 = 0ms,平均 = 0ms
2. The firewall's three login modes: logging in over Telnet (the physical PC needs a Telnet client installed; telnet 192.168.10.2)
[FW1]telnet server enable
[FW1]user-interface vty 0 4
[FW1-ui-vty0-4]protocol inbound telnet
[FW1-ui-vty0-4]authentication-mode password
[FW1-ui-vty0-4]set authentication password cipher dsrw.com
[FW1-ui-vty0-4]user privilege level 3
[FW1]interface GigabitEthernet 0/0/0
[FW1-GigabitEthernet0/0/0]service-manage telnet permit
C:\Users\HP>telnet 192.168.10.2
Password:
Warning: There is a risk on the user-interface which you login through. Please change the configuration of the user-interface as soon as possible.
*************************************************************************
* Copyright (C) 2014-2018 Huawei Technologies Co., Ltd. *
* All rights reserved. *
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
*************************************************************************
Info: The max number of VTY users is 10, and the number of current VTY users on line is 1.
The current login time is 2023-02-13 15:33:33+00:00.
<FW1>
3. The firewall's three login modes: logging in through the web interface
[FW1]interface GigabitEthernet 0/0/0
[FW1-GigabitEthernet0/0/0]service-manage https permit
![Image [3] - Chapter 14 Security - 大赛人网](https://www.dsrw.com/wp-content/uploads/2023/03/图片40-4-1024x426.png)
![Image [4] - Chapter 14 Security - 大赛人网](https://www.dsrw.com/wp-content/uploads/2023/03/图片41-4-1024x470.png)
4. The firewall's three login modes: logging in over SSH
[FW1]rsa local-key-pair create
// Generate the local RSA key pair
[FW1]user-interface vty 0 4
[FW1-ui-vty0-4]authentication-mode aaa
[FW1-ui-vty0-4]protocol inbound all
[FW1]ssh user admin
// Create the SSH user admin
[FW1]ssh user admin authentication-type password
// Set the SSH authentication type for user admin to password
[FW1]aaa
[FW1-aaa]manager-user admin
[FW1-aaa-manager-user-admin]service-type web ssh terminal
[FW1]ssh user admin service-type stelnet
// Set the SSH service type for user admin to stelnet
[FW1]stelnet server enable
[FW1]interface GigabitEthernet 0/0/0
[FW1-GigabitEthernet0/0/0]service-manage ssh permit
![Image [5] - Chapter 14 Security - 大赛人网](https://www.dsrw.com/wp-content/uploads/2023/03/图片42-4-1024x337.png)
![Image [6] - Chapter 14 Security - 大赛人网](https://www.dsrw.com/wp-content/uploads/2023/03/图片43-4.png)
![Image [7] - Chapter 14 Security - 大赛人网](https://www.dsrw.com/wp-content/uploads/2023/03/图片44-4.png)
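The Telnet login above makes the device print "There is a risk on the user-interface", and the SSH section then sets `protocol inbound all`, which leaves Telnet accepted on the VTY lines. The following Python script is an added example, not part of the original page or of any Huawei tooling: it replays pasted command lines and reports which Telnet-related settings are still in effect. The function name, rule list and finding texts are this example's own assumptions, and the sample input is constructed from the commands shown on this page.

```python
import re

# Constructed sample: Telnet- and SSH-section commands in the order the page enters them.
SAMPLE = """\
[FW1]telnet server enable
[FW1]user-interface vty 0 4
[FW1-ui-vty0-4]protocol inbound telnet
[FW1-ui-vty0-4]authentication-mode password
[FW1-ui-vty0-4]user privilege level 3
[FW1-GigabitEthernet0/0/0]service-manage telnet permit
[FW1-ui-vty0-4]authentication-mode aaa
[FW1-ui-vty0-4]protocol inbound all   // SSH section widens this to every protocol
[FW1]stelnet server enable
"""

# (command stem, risky argument, finding); the finding texts are this example's wording.
RULES = [
    ("telnet server", "enable", "Telnet server enabled (cleartext management)"),
    ("protocol inbound", "telnet|all", "VTY accepts Telnet logins"),
    ("authentication-mode", "password", "shared VTY password instead of per-user AAA"),
    ("service-manage telnet", "permit", "interface permits Telnet management"),
]
PROMPT = re.compile(r"^\[+([^\]]*)\]+\s*")  # "[FW1-ui-vty0-4]" -> view name

def audit(text):
    """Replay the commands (last setting per view wins) and return sorted (view, finding)."""
    state = {}
    for raw in text.splitlines():
        line = raw.split("//")[0].strip()          # drop the page's // comments
        m = PROMPT.match(line)
        if not m:
            continue                               # not a system-view command line
        view, cmd = m.group(1), line[m.end():]
        undo = cmd.startswith("undo ")
        cmd = cmd[5:] if undo else cmd
        for stem, _, _ in RULES:
            if (cmd + " ").startswith(stem + " "):
                if undo:
                    state.pop((view, stem), None)  # "undo ..." clears the setting
                else:
                    state[(view, stem)] = cmd[len(stem):].strip()
    return sorted((view, msg) for (view, stem), arg in state.items()
                  for s, risky, msg in RULES if s == stem and re.fullmatch(risky, arg))

if __name__ == "__main__":
    for view, msg in audit(SAMPLE):
        print(f"{view}: {msg}")
```

On the sample, the shared-password finding disappears because `authentication-mode aaa` replaces it, while the other three remain. Appending `undo telnet server enable`, `protocol inbound ssh` and `undo service-manage telnet permit` in the matching views leaves no findings.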