eNSP模拟防火墙
1、搭建防火墙安全拓扑
(防火墙简介:display version 显示防火墙版本信息;dis current-configuration 查看防火墙当前配置; 防火墙三个区:trust ,untrust, dmz;)
2、设置防火墙安全区域(firewall zone trust; set priority 85; firewall zone untrust; set priority 5; )
3、将接口放入安全区域(firewall zone trust; set priority 85;add interface GigabiEthernet0/0/0; firewall zone untrust; set priority 5; add interface GigabiEthernet0/0/1)
4、设置ip地址实现直连连通(interface GigabiEthernet0/0/0; undo shutdown; ip address ip 192.168.1.100 255.255.255.0; interface GigabiEthernet0/0/1; undo shutdown; ip address 192.168.1.100 255.255.255.0;)
5、部署默认路由到外网(ip route-static 0.0.0.0 0.0.0.0 100.1.1.1;)
ping测试(ping 100.1.1.1 ; ping 192.168.1.1)
6、部署域间包过滤规则(policy interzone trust untrust outbound; policy 0; action permit; policy source 192.168.1.0 0.0.0.255;)
7、部署NAT技术(nat-polity interzone trust untrust outbound; policy 1; action source-nat; policy source 192.168.1.0 0.0.0.255; easy-ip GigabitEthernet 0/0/1;)
8、测试实验效果
(在主机上配置IP地址; 测试与防火墙的直连通信;测试是否能够访问外网设备;在防火墙上查看状态会话表:display firewall session table)
