华为eNSP配置USG防火墙网络联通实验

1、一、搭建拓扑结构防火墙三台路由器两台

4、四、配置防火墙的包策略过滤行为security-policyrule name policy_sec_1 source-zone trust destination-zone untrust action permitrule name policy_sec_2 source-zone local source-zone untrust destination-zone local destination-zone untrust action permit

5、五、配置OSPF协议保证网络的连通性先从R1到R3再配置FW1、FW2[R1]ospf 1 [R1-ospf-1]area 0.0.0.0 [R1-ospf-1-are锾攒揉敫a-0.0.0.0]network 10.0.10.0 0.0.0.255 [R1-ospf-1-area-0.0.0.0]network 10.0.12.0 0.0.0.255 [R2]ospf 1 [R2-ospf-1]area 0.0.0.0 [R2-ospf-1-area-0.0.0.0]network 10.0.23.0 0.0.0.255 [R2-ospf-1-area-0.0.0.0]network 10.0.12.0 0.0.0.255 [R2-ospf-1-area-0.0.0.0]network 10.0.20.0 0.0.0.255 [R3]ospf 1 [R3-ospf-1]area 0.0.0.0 [R3-ospf-1-area-0.0.0.0]network 10.0.23.0 0.0.0.255 [FW1]ospf 1 [FW1-ospf-1]area 0.0.0.0 [FW1-ospf-1-area-0.0.0.0]network 10.0.10.0 0.0.0.255 [FW2]ospf 1 [FW2-ospf-1]area 0.0.0.0 [FW2-ospf-1-area-0.0.0.0]network 10.0.20.0 0.0.0.255

6、六、查看当前各个设备的路由表，并开启防火墙端口的ping功能[FW1]dis ip rouRoute Flags: R - relay, D - download to fib------------------------------------------------------------------------------Routing Tables: Public Destinations : 7 Routes : 7Destination/Mask Proto Pre Cost Flags NextHop Interface 10.0.10.0/24 Direct 0 0 D 10.0.10.1 GigabitEthernet1/0/0 10.0.10.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet1/0/0 10.0.12.0/24 OSPF 10 49 D 10.0.10.2 GigabitEthernet1/0/0 10.0.20.0/24 OSPF 10 50 D 10.0.10.2 GigabitEthernet1/0/0 10.0.23.0/24 OSPF 10 97 D 10.0.10.2 GigabitEthernet1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0开启ping功能service-manager ping enable