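1. Build the topology
Configure the IP addresses of the client (internal network) and the FTP Server (external network).
Client settings:
Server settings:
2. Name the firewall
Log in to the firewall and enter the password; the default is admin@123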
<USG6000V1>system-view //enter system view
[USG6000V1]sysname FW1 //set the device name to FW1

3. Configure the security zones
[FW1]firewall zone trust
[FW1-zone-trust]add int g1/0/0
[FW1]firewall zone untrust
[FW1-zone-untrust]add int g1/0/2

4. Configure the IP addresses
[FW1]int g1/0/0
[FW1-GigabitEthernet1/0/0]ip address 192.168.2.254 24
[FW1]int g1/0/2
[FW1-GigabitEthernet1/0/2]ip address 200.1.1.1 24
[FW1-GigabitEthernet1/0/2]dis ip int b //show the interface IP summary
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
(d): Dampening Suppressed
(E): E-Trunk down
The number of interface that is UP in Physical is 4
The number of interface that is DOWN in Physical is 6
The number of interface that is UP in Protocol is 4
The number of interface that is DOWN in Protocol is 6

Interface                 IP Address/Mask      Physical   Protocol
GigabitEthernet0/0/0      192.168.0.1/24       down       down
GigabitEthernet1/0/0      192.168.2.254/24     up         up
GigabitEthernet1/0/1      unassigned           down       down
GigabitEthernet1/0/2      200.1.1.1/24         up         up
GigabitEthernet1/0/3      unassigned           down       down
GigabitEthernet1/0/4      unassigned           down       down
GigabitEthernet1/0/5      unassigned           down       down
GigabitEthernet1/0/6      unassigned           down       down
NULL0                     unassigned           up         up(s)
Virtual-if0               unassigned           up         up(s)

[FW1-GigabitEthernet1/0/2]

5. Configure the security policy
[FW1]security-policy //enter the security policy view
[FW1-policy-security]rule name test //rule name
[FW1-policy-security-rule-test]source-zone trust //source zone
[FW1-policy-security-rule-test]destination-zone untrust //destination zone
[FW1-policy-security-rule-test]source-address 192.168.2.0 mask 255.255.255.0 //source address
[FW1-policy-security-rule-test]destination-address 200.1.1.0 mask 255.255.255.0 //destination address
[FW1-policy-security-rule-test]service icmp //traffic type
[FW1-policy-security-rule-test]action permit //action: permit

6. Ping test
Continue configuring the security policy so that the server can ping the client.
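
Why step 6 needs a further rule, shown as an added example (not from the original page): a simplified Python model of zone-based, stateful policy matching with an implicit deny. Rule "test" is the one from step 5; the mirror rule name "test_back" and the host addresses 192.168.2.1 and 200.1.1.2 are assumptions made for this illustration.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

Rule = namedtuple("Rule", "name src_zone dst_zone src_net dst_net service action")

# Zones from step 3, mapped to the interface networks from step 4.
ZONES = {"trust": ip_network("192.168.2.0/24"),
         "untrust": ip_network("200.1.1.0/24")}

# Rule "test" as configured in step 5.
RULE_TEST = Rule("test", "trust", "untrust",
                 "192.168.2.0/24", "200.1.1.0/24", "icmp", "permit")
# Hypothetical mirror rule for step 6; the name "test_back" is made up here.
RULE_BACK = Rule("test_back", "untrust", "trust",
                 "200.1.1.0/24", "192.168.2.0/24", "icmp", "permit")

CLIENT, SERVER = "192.168.2.1", "200.1.1.2"  # constructed host addresses


def zone_of(ip):
    """Return the zone whose network contains ip, or None."""
    return next((z for z, net in ZONES.items() if ip_address(ip) in net), None)


class Firewall:
    """Simplified model: ordered rules, implicit deny, ICMP session table."""

    def __init__(self, rules):
        self.rules = list(rules)
        self.sessions = set()  # (initiator, responder) of permitted pings

    def forward(self, src, dst, icmp_type):
        # A reply is accepted only if it answers a request already permitted.
        if icmp_type == "echo-reply":
            ok = (dst, src) in self.sessions
            return "permit (session)" if ok else "deny (no session)"
        for r in self.rules:
            if (r.service == "icmp"
                    and (r.src_zone, r.dst_zone) == (zone_of(src), zone_of(dst))
                    and ip_address(src) in ip_network(r.src_net)
                    and ip_address(dst) in ip_network(r.dst_net)):
                if r.action == "permit":
                    self.sessions.add((src, dst))
                return f"{r.action} (rule {r.name})"
        return "deny (default)"


def ping(fw, src, dst):
    """A ping succeeds when both the request and its reply are forwarded."""
    request = fw.forward(src, dst, "echo-request")
    reply = fw.forward(dst, src, "echo-reply")
    return request, reply
```

With only rule "test", the client's ping succeeds because the reply rides the session, while a ping started by the server hits the implicit deny; adding the untrust-to-trust rule limited to icmp and the two /24 networks is what permits it.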