Firewall virtual system access to the root system
![Image [1] - 7.2 Firewall Virtual Systems - 大赛人网](https://www.dsrw.com/wp-content/uploads/2023/09/图片22-1-1024x793.png)
![Image [2] - 7.2 Firewall Virtual Systems - 大赛人网](https://www.dsrw.com/wp-content/uploads/2023/09/图片23-1-1024x157.png)
![Image [3] - 7.2 Firewall Virtual Systems - 大赛人网](https://www.dsrw.com/wp-content/uploads/2023/09/图片24-1-1024x326.png)
![Image [4] - 7.2 Firewall Virtual Systems - 大赛人网](https://www.dsrw.com/wp-content/uploads/2023/09/图片25-1-1024x504.png)
![Image [5] - 7.2 Firewall Virtual Systems - 大赛人网](https://www.dsrw.com/wp-content/uploads/2023/09/图片26-1-1024x528.png)
![Image [6] - 7.2 Firewall Virtual Systems - 大赛人网](https://www.dsrw.com/wp-content/uploads/2023/09/图片27-1-1024x226.png)
![Image [7] - 7.2 Firewall Virtual Systems - 大赛人网](https://www.dsrw.com/wp-content/uploads/2023/09/图片28-1-1024x467.png)
![Image [8] - 7.2 Firewall Virtual Systems - 大赛人网](https://www.dsrw.com/wp-content/uploads/2023/09/图片29-1-1024x463.png)
1) View the back-end configuration
vsys enable
resource-class r0
resource-class r1
resource-item-limit session reserved-number 200 maximum 500
#
vsys name vsysa 1
assign interface GigabitEthernet1/0/1
assign interface GigabitEthernet1/0/3
assign resource-class r1
#
vsys name vsysb 2
assign interface GigabitEthernet1/0/2
assign interface GigabitEthernet1/0/4
assign resource-class r1
#
ip vpn-instance default
ipv4-family
#
ip vpn-instance vsysa
ipv4-family
ipv6-family
#
ip vpn-instance vsysb
ipv4-family
ipv6-family
#
switch vsys vsysa
#
interface GigabitEthernet1/0/1
undo shutdown
ip binding vpn-instance vsysa
#
interface GigabitEthernet1/0/3
undo shutdown
ip binding vpn-instance vsysa
#
switch vsys vsysb
#
interface GigabitEthernet1/0/2
undo shutdown
ip binding vpn-instance vsysb
#
interface GigabitEthernet1/0/4
undo shutdown
ip binding vpn-instance vsysb
Firewall virtual system isolation
![Image [9] - 7.2 Firewall Virtual Systems - 大赛人网](https://www.dsrw.com/wp-content/uploads/2023/09/图片30-1-1024x449.png)
1) Enable Telnet login
telnet server enable
user-interface con 0
user-interface vty 0 4
protocol inbound all
2) Log in over Telnet from the PC
C:\Users\HP>telnet 192.168.11.99
![Image [10] - 7.2 Firewall Virtual Systems - 大赛人网](https://www.dsrw.com/wp-content/uploads/2023/09/图片31-1.png)
3) View the configuration
display current-configuration
#
switch vsys vsysa
interface GigabitEthernet1/0/1
undo shutdown
ip binding vpn-instance vsysa
#
interface GigabitEthernet1/0/3
undo shutdown
ip binding vpn-instance vsysa
#
interface Virtual-if1
firewall zone local
set priority 100
#
firewall zone trust
set priority 85
#
firewall zone untrust
set priority 5
#
firewall zone dmz
set priority 50
quit
4) Configure on the firewall
(1) Enter vsysa
# Enter the virtual system
switch vsys vsysa
sys
# Configure the interfaces
interface GigabitEthernet1/0/1
ip address 10.3.0.254 255.255.255.0
service-manage all permit
interface GigabitEthernet1/0/3
ip address 100.1.1.101 255.255.255.0
service-manage all permit
# Configure the zones
firewall zone trust
add interface GigabitEthernet1/0/1
firewall zone untrust
add interface GigabitEthernet1/0/3
# Configure the security policy
security-policy
rule name t_2_un
source-zone trust
destination-zone untrust
source-address 10.3.0.0 24
action permit
# Configure the static route
ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet 1/0/3 100.1.1.254
# Configure the NAT policy
nat-policy
rule name t_2_un
source-zone trust
destination-zone untrust
source-address 10.3.0.0 mask 255.255.255.0
action source-nat easy-ip
(2) Enter vsysb
# Enter the virtual system
switch vsys vsysb
sys
# Configure the interfaces
interface GigabitEthernet1/0/2
ip address 10.3.1.254 255.255.255.0
service-manage all permit
interface GigabitEthernet1/0/4
ip address 100.1.1.102 255.255.255.0
service-manage all permit
# Configure the zones
firewall zone trust
add interface GigabitEthernet1/0/2
firewall zone untrust
add interface GigabitEthernet1/0/4
# Configure the security policy
security-policy
rule name t_2_un
source-zone trust
destination-zone untrust
source-address 10.3.1.0 24
action permit
# Configure the static route
ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet 1/0/4 100.1.1.254
# Configure the NAT policy
nat-policy
rule name t_2_un
source-zone trust
destination-zone untrust
source-address 10.3.1.0 24
action source-nat easy-ip
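An added example, not part of the original article: a Python check that reads a flattened configuration like the one above and reports interfaces whose `ip binding vpn-instance` does not match the vsys they are assigned to, plus any interface in the `untrust` zone that carries `service-manage all permit`. The `audit` function, its finding texts and the choice of what counts as a finding are assumptions of this example; the sample input is constructed from the vsysa lines on this page.

```python
import re
from collections import defaultdict
# Constructed sample (vsysa lines from the page); audit() and its rules are this example's assumptions.
SAMPLE = """vsys name vsysa 1
assign interface GigabitEthernet1/0/1
assign interface GigabitEthernet1/0/3
#
interface GigabitEthernet1/0/1
ip binding vpn-instance vsysa
service-manage all permit
interface GigabitEthernet1/0/3
ip binding vpn-instance vsysa
service-manage all permit
firewall zone trust
add interface GigabitEthernet1/0/1
firewall zone untrust
add interface GigabitEthernet1/0/3
"""
HEADERS = {"vsys name": "vsys", "interface": "if", "firewall zone": "zone"}

def audit(config):
    owner, binding, zone, mgmt_all = defaultdict(set), {}, {}, set()
    kind = name = None                      # stanza the parser is currently inside
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"(vsys name|interface|firewall zone) (\S+)", line):
            kind, name = HEADERS[m[1]], m[2]
        elif line == "#":
            kind = name = None
        elif kind == "vsys" and (m := re.match(r"assign interface (\S+)", line)):
            owner[m[1]].add(name)           # interface -> vsys that claims it
        elif kind == "if" and (m := re.match(r"ip binding vpn-instance (\S+)", line)):
            binding[name] = m[1]
        elif kind == "if" and line == "service-manage all permit":
            mgmt_all.add(name)
        elif kind == "zone" and (m := re.match(r"add interface (\S+)", line)):
            zone[m[1]] = name
    findings = []
    for ifname, vs in sorted(owner.items()):
        if len(vs) > 1:
            findings.append(f"{ifname}: assigned to more than one vsys {sorted(vs)}")
        elif binding.get(ifname) not in vs:
            findings.append(f"{ifname}: bound to {binding.get(ifname)}, assigned to {sorted(vs)[0]}")
    for ifname in sorted(mgmt_all):
        if zone.get(ifname) == "untrust":
            findings.append(f"{ifname}: service-manage all permit in untrust zone")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

On the page's vsysa configuration this reports only GigabitEthernet1/0/3, the untrust-side interface with all management services permitted.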