求大神帮忙把华三墙配置翻译成华三墙配置,谢谢!
[915-FW-HW-6300-1]dis cu 11:25:21 2022/01/17 # l2tp domain suffix-separator @ # info-center loghost 10.84.48.4 514 # cpu-usage-mgmtplane alarm threshold enable cpu-usage-dataplane alarm threshold enable # undo hrp ospfv3-cost adjust-enable # ip df-unreachables enable # dhcp enable # undo firewall ipv6 statistic system enable # dns resolve dns server unnumbered interface Dialer0 dns server unnumbered interface Dialer1 dns server unnumbered interface GigabitEthernet0/0/7 undo dns transparent-proxy enable dns server bind interface GigabitEthernet0/0/0 preferred 202.96.209.133 alternate 202.96.209.5 dns server bind interface GigabitEthernet0/0/1 preferred 202.96.209.133 alternate 114.114.114.114 # firewall defend port-scan enable firewall defend ip-sweep enable # undo firewall statistic system enable # pki certificate access-control-policy default permit # ip-link check enable # undo dns proxy # license-server domain sdplsp.huawei.com # lldp enable # set disk-scan parameter attach off set disk-scan parameter cycle 0 set disk-scan parameter iostat 0 set disk-scan parameter speed 0 set disk-scan parameter switch off set disk-scan parameter parallel 0 undo disk-scan enable # user-manage web-authentication security port 8887 user-manage single-sign-on ad mode plug-in password-policy level high page-setting user-manage security version tlsv1 tlsv1.1 tlsv1.2 # undo firewall detect ftp # sysname 915-FW-HW-6300-1 # country CN # web-manager security version tlsv1 tlsv1.1 tlsv1.2 undo web-manager enable web-manager security enable port 8443 undo web-manager redirect https enable undo web-manager config-guide enable # undo update schedule ips-sdb enable undo update schedule av-sdb enable update schedule daily 00:59 # undo factory-configuration prohibit # bandwidth-limit destination-ip type udp max-speed 50 bandwidth-limit destination-ip type icmp max-speed 2000 anti-ddos syn-flood source-detect anti-ddos dns-request-flood source-detect mode basic anti-ddos dns-reply-flood 
source-detect anti-ddos sip-flood source-detect anti-ddos udp-flood dynamic-fingerprint-learn anti-ddos udp-frag-flood dynamic-fingerprint-learn anti-ddos https-flood source-detect anti-ddos http-flood source-detect mode basic # undo rbl-filter enable # rsa peer-public-key 10.10.10.1 public-key-code begin 30820109 02820100 B6D6F899 0F252523 CBACCA23 4C191933 0453DCC3 FF26B3D6 A48E103F 57589F89 0765EE95 E2830658 B8C20C09 A95467B7 8E168052 F7E0EF4E 85979518 700FB4E6 7C01B267 732D7555 0C67D14A F3DCDE3B 2096B003 A5B876BA E5F61D5A 2888BC74 D22E8DCA D0BC3C4A 4D922CA3 5A9FF6D9 CEAB111F A14FCB19 A3A17F0B 6B14FA81 6B5DE9B9 1F47BA0A 8D4E96EA D5DDD897 7CDBA863 36ABA937 0B817A86 69EAD3BF AA328882 AB09A055 65DAF864 3D936035 533BE74A CE9A3E60 01BDFD03 CF9B0B32 29EE7E94 11A1763A 2F9DDA14 3DE8C56F 37C85085 022F0F7D 567AE195 0AF473CD BEE76E37 C162657E 877EC766 1E3CD94D 61C31D19 DC7936B5 094A74D2 4F941E39 0203 010001 public-key-code end peer-public-key end # time-range worktime period-range 09:00:00 to 17:30:00 working-day # acl number 3000 rule 0 permit ip acl number 3001 rule 0 permit ip acl number 3002 rule 0 permit ip acl number 3003 rule 0 permit ip source 192.168.9.2 0 rule 1 permit ip destination 192.168.9.2 0 acl number 3004 rule 0 permit ip source 192.168.5.2 0 destination 192.168.1.1 0 rule 1 permit ip source 192.168.1.1 0 destination 192.168.5.2 0 acl number 3005 rule 0 permit ip source 192.168.50.1 0 destination 192.168.50.2 0 acl number 3006 rule 0 permit ip destination 10.86.152.0 0.0.0.255 acl number 3007 rule 0 permit ip destination 10.86.152.0 0.0.0.255 rule 1 permit ip source 10.86.152.0 0.0.0.255 acl number 3008 acl number 3009 rule 0 permit ip source 10.84.54.82 0 destination 182.92.23.54 0 rule 1 permit ip source 182.92.23.54 0 destination 10.84.54.82 0 acl number 3010 rule 0 permit ip source 192.168.5.1 0 destination 10.84.48.5 0 rule 1 permit ip source 10.84.48.5 0 destination 192.168.5.1 0 acl number 3011 acl number 3012 rule 0 permit ip source 10.84.50.12 0 
destination 10.0.13.23 0 rule 1 permit ip source 10.0.13.23 0 destination 10.84.50.12 0 # interface Dialer0 link-protocol ppp ppp chap user ad82057327 ppp chap password cipher %$%$tW[cNW56C!#Dn/(^I~SI4&zq%$%$ ppp pap local-user ad82057327 password cipher %$%$`O[vJr7k/LLdYxYI3e2%.cZQ%$%$ ppp ipcp dns admit-any ip address ppp-negotiate reverse-route enable dialer user ad82057327 dialer bundle 1 bandwidth ingress 100000 threshold 80 bandwidth egress 100000 threshold 80 anti-ddos flow-statistic enable healthcheck link-group "icmp 114" # interface Dialer1 link-protocol ppp ppp chap user ad82495980 ppp chap password cipher %$%$qZ}^%BS-c"`r~A39UWK>;8/&%$%$ ppp pap local-user ad82495980 password cipher %$%$D$}~L#tI&-B~iZ#^`UF53KB9%$%$ ppp ipcp dns admit-any ip address ppp-negotiate reverse-route enable dialer user ad82495980 dialer bundle 2 bandwidth ingress 100000 threshold 80 bandwidth egress 100000 threshold 80 anti-ddos flow-statistic enable healthcheck link-group "icmp 114" # interface GigabitEthernet0/0/0 alias IP ip address 116.236.167.198 255.255.255.252 reverse-route nexthop 116.236.167.197 lldp enable lldp tlv-enable basic-tlv all service-manage http deny service-manage https deny service-manage ping deny service-manage ssh deny service-manage snmp deny service-manage telnet deny gateway 116.236.167.197 bandwidth ingress 200000 threshold 80 bandwidth egress 200000 threshold 80 anti-ddos flow-statistic enable anti-ddos syn-flood source-detect alert-rate 100 healthcheck link-group "icmp 114" # interface GigabitEthernet0/0/1 alias LAN ip address 192.168.5.1 255.255.255.0 lldp enable lldp tlv-enable basic-tlv all service-manage http permit service-manage https permit service-manage ping permit service-manage ssh permit service-manage snmp permit service-manage telnet permit # interface GigabitEthernet0/0/2 shutdown dhcp select interface dhcp server ip-range 192.168.50.11 192.168.50.254 dhcp server mask 255.255.255.0 dhcp server gateway-list 192.168.50.1 dhcp server 
dns-list 114.114.114.114 ipv6 enable undo ipv6 protocol enable lldp enable lldp tlv-enable basic-tlv all service-manage ping permit # interface GigabitEthernet0/0/3 pppoe-client dial-bundle-number 1 ipv4 alias A lldp enable lldp tlv-enable basic-tlv all # interface GigabitEthernet0/0/4 pppoe-client dial-bundle-number 2 ipv4 alias B lldp enable lldp tlv-enable basic-tlv all # interface GigabitEthernet0/0/5 shutdown alias ͣ ip address 10.255.2.227 255.255.255.248 lldp enable lldp tlv-enable basic-tlv all service-manage http permit service-manage https permit service-manage ping permit gateway 10.255.2.225 bandwidth ingress 15000 bandwidth egress 15000 # interface GigabitEthernet0/0/6 alias 50M ip address 10.255.14.142 255.255.255.252 lldp enable lldp tlv-enable basic-tlv all service-manage http permit service-manage https permit service-manage ping permit bandwidth ingress 50000 bandwidth egress 50000 # interface GigabitEthernet0/0/7 shutdown ipv6 enable undo ipv6 protocol enable dhcp client enable lldp enable lldp tlv-enable basic-tlv all undo service-manage enable # interface NULL0 # firewall zone local set priority 100 # firewall zone trust set priority 85 add interface GigabitEthernet0/0/1 # firewall zone untrust set priority 5 add interface Dialer0 add interface Dialer1 add interface GigabitEthernet0/0/0 add interface GigabitEthernet0/0/3 add interface GigabitEthernet0/0/4 # firewall zone dmz set priority 50
最佳答案
 l2tp domain suffix-separator @
#
# Global system settings from the exported running configuration.
# Logs are sent to the log host 10.84.48.4 on port 514.
# NOTE(review): the transport is not visible here; confirm the path to the collector is trusted.
 info-center loghost 10.84.48.4 514
#
 cpu-usage-mgmtplane alarm threshold enable
 cpu-usage-dataplane alarm threshold enable
#
 undo hrp ospfv3-cost adjust-enable
#
 ip df-unreachables enable
#
 dhcp enable
#
 undo firewall ipv6 statistic system enable
#
# DNS client settings; the transparent DNS proxy is disabled and static servers are bound to GE0/0/0 and GE0/0/1.
 dns resolve
 dns server unnumbered interface Dialer0
 dns server unnumbered interface Dialer1
 dns server unnumbered interface GigabitEthernet0/0/7
 undo dns transparent-proxy enable
 dns server bind interface GigabitEthernet0/0/0 preferred 202.96.209.133 alternate 202.96.209.5
 dns server bind interface GigabitEthernet0/0/1 preferred 202.96.209.133 alternate 114.114.114.114
#                                         
# Scan defence: port-scan and IP-sweep detection are both enabled.
 firewall defend port-scan enable
 firewall defend ip-sweep enable
#
 undo firewall statistic system enable
#
# The certificate access-control policy falls back to "permit" by default.
# NOTE(review): no explicit certificate rules are visible in this listing; confirm that a permit default is intended.
pki certificate access-control-policy default permit
#
 ip-link check enable
#
 undo dns proxy
#
 license-server domain sdplsp.huawei.com
#
 lldp enable
#
# Disk scan is switched off ("undo disk-scan enable"); its parameters are all zero/off.
 set disk-scan parameter attach off
 set disk-scan parameter cycle 0
 set disk-scan parameter iostat 0
 set disk-scan parameter speed 0
 set disk-scan parameter switch off
 set disk-scan parameter parallel 0
 undo disk-scan enable
#                                         
# User portal and web management settings.
# The web-authentication portal listens on port 8887; HTTPS management listens on port 8443 and
# plain-HTTP management is off ("undo web-manager enable").
# NOTE(review): both "security version" lines still accept TLS 1.0 and 1.1 next to 1.2. Those two
# versions are deprecated (RFC 8996); listing only tlsv1.2 removes them, provided every client supports it.
# NOTE(review): the scheduled IPS and AV signature-database updates are disabled ("undo update schedule
# ips-sdb/av-sdb enable"); confirm how signatures are kept current, or whether those features are unused.
 user-manage web-authentication security port 8887
 user-manage single-sign-on ad mode plug-in
password-policy
 level high
page-setting
 user-manage security version tlsv1 tlsv1.1 tlsv1.2
#
 undo firewall detect ftp
#
 sysname 915-FW-HW-6300-1
#
 country CN
#
 web-manager security version tlsv1 tlsv1.1 tlsv1.2
 undo web-manager enable
 web-manager security enable port 8443
 undo web-manager redirect https enable
 undo web-manager config-guide enable
#
 undo update schedule ips-sdb enable
 undo update schedule av-sdb enable
 update schedule daily 00:59
#                                         
 undo factory-configuration prohibit
#
# Rate limiting and anti-DDoS detection: per-destination caps for UDP and ICMP, source detection for
# SYN, DNS request/reply, SIP and HTTP(S) floods, and fingerprint learning for UDP and UDP-fragment floods.
# NOTE(review): the unit of "max-speed" is not shown in this listing; check it before reusing the values.
 bandwidth-limit destination-ip type udp max-speed 50
 bandwidth-limit destination-ip type icmp max-speed 2000
 anti-ddos syn-flood source-detect
 anti-ddos dns-request-flood source-detect mode basic
 anti-ddos dns-reply-flood source-detect
 anti-ddos sip-flood source-detect
 anti-ddos udp-flood dynamic-fingerprint-learn
 anti-ddos udp-frag-flood dynamic-fingerprint-learn
 anti-ddos https-flood source-detect
 anti-ddos http-flood source-detect mode basic
#
# RBL filtering is disabled.
 undo rbl-filter enable
#
# RSA public key stored for peer 10.10.10.1. Further down, "ssh client 10.10.10.1 assign rsa-key 10.10.10.1"
# binds it to SSH sessions this device opens towards that address.
# The encoding carries a 0x0100-byte (2048-bit) modulus and the public exponent 010001 (65537).
# A public key is not secret, but the pinning only helps if this value matches the peer's real host key;
# compare it against the peer before carrying it over to another device.
 rsa peer-public-key 10.10.10.1
  public-key-code begin
  30820109
    02820100
      B6D6F899 0F252523 CBACCA23 4C191933 0453DCC3 FF26B3D6 A48E103F 57589F89
      0765EE95 E2830658 B8C20C09 A95467B7 8E168052 F7E0EF4E 85979518 700FB4E6
      7C01B267 732D7555 0C67D14A F3DCDE3B 2096B003 A5B876BA E5F61D5A 2888BC74
      D22E8DCA D0BC3C4A 4D922CA3 5A9FF6D9 CEAB111F A14FCB19 A3A17F0B 6B14FA81
      6B5DE9B9 1F47BA0A 8D4E96EA D5DDD897 7CDBA863 36ABA937 0B817A86 69EAD3BF
      AA328882 AB09A055 65DAF864 3D936035 533BE74A CE9A3E60 01BDFD03 CF9B0B32
      29EE7E94 11A1763A 2F9DDA14 3DE8C56F 37C85085 022F0F7D 567AE195 0AF473CD
      BEE76E37 C162657E 877EC766 1E3CD94D 61C31D19 DC7936B5 094A74D2 4F941E39
    0203
      010001
  public-key-code end
 peer-public-key end
#
# Time range "worktime": 09:00:00-17:30:00 on working days. No rule in this listing references it.
 time-range worktime
  period-range 09:00:00 to 17:30:00 working-day
#
# ACLs 3000-3012.
# 3000, 3001 and 3002 each hold a single "permit ip" with no source or destination, so they match all IP
# traffic; 3008 and 3011 are empty.
# NOTE(review): nothing in this listing shows where these ACLs are applied. Trace each reference before
# carrying a match-all or empty ACL over to the new device, and drop the ones that are unused.
acl number 3000
 rule 0 permit ip
acl number 3001
 rule 0 permit ip
acl number 3002
 rule 0 permit ip
acl number 3003
 rule 0 permit ip source 192.168.9.2 0
 rule 1 permit ip destination 192.168.9.2 0
acl number 3004
 rule 0 permit ip source 192.168.5.2 0 destination 192.168.1.1 0
 rule 1 permit ip source 192.168.1.1 0 destination 192.168.5.2 0
acl number 3005
 rule 0 permit ip source 192.168.50.1 0 destination 192.168.50.2 0
acl number 3006
 rule 0 permit ip destination 10.86.152.0 0.0.0.255
acl number 3007
 rule 0 permit ip destination 10.86.152.0 0.0.0.255
 rule 1 permit ip source 10.86.152.0 0.0.0.255
acl number 3008
acl number 3009
 rule 0 permit ip source 10.84.54.82 0 destination 182.92.23.54 0
 rule 1 permit ip source 182.92.23.54 0 destination 10.84.54.82 0
acl number 3010
 rule 0 permit ip source 192.168.5.1 0 destination 10.84.48.5 0
 rule 1 permit ip source 10.84.48.5 0 destination 192.168.5.1 0
acl number 3011
acl number 3012
 rule 0 permit ip source 10.84.50.12 0 destination 10.0.13.23 0
 rule 1 permit ip source 10.0.13.23 0 destination 10.84.50.12 0
#
# PPPoE dialer interfaces Dialer0 and Dialer1 (dial bundles 1 and 2).
# Each holds the ISP account name plus a CHAP and a PAP password stored in cipher form.
# NOTE(review): cipher-form strings are still credential material. Replace them and the account names with
# placeholders before a configuration leaves the organisation, and re-enter the real values on the target device.
# NOTE(review): with a PAP credential configured, the password goes to the peer in clear text whenever the peer
# negotiates PAP; keep the "ppp pap" line only if the ISP requires it.
# NOTE(review): unlike GigabitEthernet0/0/0, no "service-manage" lines are visible on the dialers; confirm that
# management access through them is closed.
interface Dialer0
 link-protocol ppp
 ppp chap user ad82057327                 
 ppp chap password cipher %$%$tW[cNW56C!#Dn/(^I~SI4&zq%$%$
 ppp pap local-user ad82057327 password cipher %$%$`O[vJr7k/LLdYxYI3e2%.cZQ%$%$
 ppp ipcp dns admit-any
 ip address ppp-negotiate
 reverse-route enable
 dialer user ad82057327
 dialer bundle 1
 bandwidth ingress 100000 threshold 80
 bandwidth egress 100000 threshold 80
 anti-ddos flow-statistic enable
 healthcheck link-group "icmp 114"
#
interface Dialer1
 link-protocol ppp
 ppp chap user ad82495980
 ppp chap password cipher %$%$qZ}^%BS-c"`r~A39UWK>;8/&%$%$
 ppp pap local-user ad82495980 password cipher %$%$D$}~L#tI&-B~iZ#^`UF53KB9%$%$
 ppp ipcp dns admit-any
 ip address ppp-negotiate
 reverse-route enable
 dialer user ad82495980
 dialer bundle 2
 bandwidth ingress 100000 threshold 80    
 bandwidth egress 100000 threshold 80
 anti-ddos flow-statistic enable
 healthcheck link-group "icmp 114"
#
# GigabitEthernet0/0/0 (alias "IP") is the static-address uplink: every service-manage protocol is denied,
# and anti-DDoS flow statistics plus SYN-flood source detection are enabled on it.
interface GigabitEthernet0/0/0
 alias IP
 ip address 116.236.167.198 255.255.255.252
 reverse-route nexthop 116.236.167.197
 lldp enable
 lldp tlv-enable basic-tlv all
 service-manage http deny
 service-manage https deny
 service-manage ping deny
 service-manage ssh deny
 service-manage snmp deny
 service-manage telnet deny
 gateway 116.236.167.197
 bandwidth ingress 200000 threshold 80
 bandwidth egress 200000 threshold 80
 anti-ddos flow-statistic enable
 anti-ddos syn-flood source-detect alert-rate 100
 healthcheck link-group "icmp 114"
#                                         
# GigabitEthernet0/0/1 (alias "LAN", zone trust) permits management over http, https, ping, ssh, snmp and telnet.
# NOTE(review): http and telnet carry credentials unencrypted. Elsewhere this listing has "undo web-manager
# enable" and only "stelnet server enable", so those two permits may be unused; if so, set them to deny.
# NOTE(review): no SNMP agent settings are visible here; confirm the SNMP version and community/user setup
# before keeping "service-manage snmp permit".
interface GigabitEthernet0/0/1
 alias LAN
 ip address 192.168.5.1 255.255.255.0
 lldp enable
 lldp tlv-enable basic-tlv all
 service-manage http permit
 service-manage https permit
 service-manage ping permit
 service-manage ssh permit
 service-manage snmp permit
 service-manage telnet permit
#
# GigabitEthernet0/0/2 is shut down; it carries a DHCP server pool for 192.168.50.11-254.
interface GigabitEthernet0/0/2
 shutdown
 dhcp select interface
 dhcp server ip-range 192.168.50.11 192.168.50.254
 dhcp server mask 255.255.255.0
 dhcp server gateway-list 192.168.50.1
 dhcp server dns-list 114.114.114.114
 ipv6 enable
 undo ipv6 protocol enable
 lldp enable
 lldp tlv-enable basic-tlv all            
 service-manage ping permit
#
# GigabitEthernet0/0/3 and 0/0/4 are the PPPoE client ports for dial bundles 1 and 2.
interface GigabitEthernet0/0/3
 pppoe-client dial-bundle-number 1 ipv4
 alias A
 lldp enable
 lldp tlv-enable basic-tlv all
#
interface GigabitEthernet0/0/4
 pppoe-client dial-bundle-number 2 ipv4
 alias B
 lldp enable
 lldp tlv-enable basic-tlv all
#
# GigabitEthernet0/0/5 is shut down. Its alias is a non-ASCII name that was damaged in extraction, which also
# merged the following "ip address" command onto the alias line; the line cannot be pasted back as printed.
# GigabitEthernet0/0/5 and 0/0/6 both permit http, https and ping management.
# NOTE(review): http management is unencrypted; with "undo web-manager enable" elsewhere in this listing
# the http permits may be unused and can be set to deny.
interface GigabitEthernet0/0/5
 shutdown
 alias ͣ ip address 10.255.2.227 255.255.255.248
 lldp enable
 lldp tlv-enable basic-tlv all
 service-manage http permit
 service-manage https permit
 service-manage ping permit               
 gateway 10.255.2.225
 bandwidth ingress 15000
 bandwidth egress 15000
#
interface GigabitEthernet0/0/6
 alias 50M
 ip address 10.255.14.142 255.255.255.252
 lldp enable
 lldp tlv-enable basic-tlv all
 service-manage http permit
 service-manage https permit
 service-manage ping permit
 bandwidth ingress 50000
 bandwidth egress 50000
#
# GigabitEthernet0/0/7 is shut down, is a DHCP client, and has service management disabled.
interface GigabitEthernet0/0/7
 shutdown
 ipv6 enable
 undo ipv6 protocol enable
 dhcp client enable
 lldp enable
 lldp tlv-enable basic-tlv all
 undo service-manage enable               
#
interface NULL0
#
# Security zones and their priorities: local 100, trust 85 (GE0/0/1), untrust 5 (both dialers, GE0/0/0,
# GE0/0/3, GE0/0/4), dmz 50 (no interface).
# The last stanza starts with "set priority 10" and has no "firewall zone" header line: the header appears
# to have been lost in extraction (the security and NAT policies reference a zone whose name is garbled).
# GE0/0/5 and GE0/0/6 belong to that priority-10 zone; restore the header before reusing this section.
firewall zone local
 set priority 100
#
firewall zone trust
 set priority 85
 add interface GigabitEthernet0/0/1
#
firewall zone untrust
 set priority 5
 add interface Dialer0
 add interface Dialer1
 add interface GigabitEthernet0/0/0
 add interface GigabitEthernet0/0/3
 add interface GigabitEthernet0/0/4
#
firewall zone dmz
 set priority 50
#
 set priority 10                          
 add interface GigabitEthernet0/0/5
 add interface GigabitEthernet0/0/6
#
# AAA: authentication schemes, two local administrator accounts, the default domain, and admin roles.
# "audit-admin" (web only) and "admin" (web, terminal, ssh) are both level 15, authenticate locally
# (admin_local) and use password authentication for SSH; their passwords are stored in cipher form.
# NOTE(review): cipher-form password strings are still credential material. Replace them with placeholders
# before sharing a configuration and set fresh passwords on the target device rather than copying these lines.
# NOTE(review): "admin" is the only account with terminal/ssh access and relies on a password alone; consider
# per-person accounts and public-key SSH authentication where the platform supports it.
aaa
 authentication-scheme default
 authentication-scheme admin_local
 authentication-scheme admin_radius_local
 authentication-scheme admin_hwtacacs_local
 authentication-scheme admin_ad_local
 authentication-scheme admin_ldap_local
 authentication-scheme admin_radius
 authentication-scheme admin_hwtacacs
 authentication-scheme admin_ad
 authentication-scheme admin_ldap
 authentication-scheme admin_securid
 authentication-scheme admin_securid_local
 #
 authorization-scheme default
 #
 accounting-scheme default
 #
 manager-user password-modify enable
 manager-user audit-admin                 
  password cipher %@%@=k^]X&N\c6Gt4{I]8AI$`tkbDVy}!e\]:5^98#6!{)Z<0zql%@%@
  service-type web
  level 15
  ssh authentication-type password
  ssh service-type stelnet
  authentication-scheme admin_local
 #
 manager-user admin
  password cipher %@%@s0N,4e;H3')~,@7pPVJ2:LC:6!t4VB0,D9k2TU)>y&zR3RID%@%@
  service-type web terminal ssh
  level 15
  ftp-directory hda1:
  ssh authentication-type password
  ssh service-type stelnet
  authentication-scheme admin_local
 #
 domain default
  service-type access internet-access
  reference user current-domain
  new-user deny-authentication
 #
role system-admin
  description system-admin                
role device-admin
  description device-admin
role device-admin(monitor)
  description device-admin(monitor)
role audit-admin
  description audit-admin
 bind manager-user audit-admin role audit-admin
#
nqa-jitter tag-version 1
#
# Static routes: two default routes (Dialer0 and Dialer1), intranet ranges via 10.255.14.141 and
# 10.255.2.202, and LAN-side ranges via 192.168.5.2.
 ip route-static 0.0.0.0 0.0.0.0 Dialer0
 ip route-static 0.0.0.0 0.0.0.0 Dialer1
 ip route-static 10.0.0.0 255.0.0.0 10.255.14.141
 ip route-static 10.10.10.0 255.255.255.0 192.168.5.2
 ip route-static 10.84.48.0 255.255.248.0 192.168.5.2
 ip route-static 10.84.152.0 255.255.248.0 192.168.5.2
 ip route-static 10.84.208.0 255.255.248.0 10.255.2.202
 ip route-static 31.15.0.0 255.255.0.0 10.255.14.141
 ip route-static 172.16.0.0 255.240.0.0 10.255.14.141
 ip route-static 192.168.5.0 255.255.255.0 192.168.5.2
 ip route-static 192.168.11.0 255.255.255.0 192.168.5.2
 ip route-static 192.168.45.0 255.255.255.0 GigabitEthernet0/0/1 192.168.5.2
 ip route-static 192.168.46.0 255.255.255.0 GigabitEthernet0/0/1 192.168.5.2
 ip route-static 192.168.50.0 255.255.255.0 GigabitEthernet0/0/2
#
# Time source: a single unicast NTP server.
# NOTE(review): no NTP authentication settings are visible in this listing; log timestamps depend on this source.
 ntp-service unicast-server 114.118.7.163
#
# SSH: the STelnet server is enabled. For outbound SSH, the key for 10.10.10.1 is pinned with "assign rsa-key".
# NOTE(review): "ssh client first-time enable" makes the SSH client accept a server key it has not seen before
# on first connection (trust on first use); once the needed peer keys are pinned it can be turned off.
 stelnet server enable
 ssh client first-time enable
 ssh client 10.10.10.1 assign rsa-key 10.10.10.1
#
 banner enable
#
 undo dns proxy ipv6 enable
#
# ISP address lists, each loaded from a CSV file named after the carrier.
 isp name "china mobile"
 isp name "china mobile" set filename china-mobile.csv
 isp name "china unicom"
 isp name "china unicom" set filename china-unicom.csv
 isp name "china telecom"
 isp name "china telecom" set filename china-telecom.csv
 isp name "china educationnet"
 isp name "china educationnet" set filename china-educationnet.csv
#
# Login lines: the console authenticates with a line password stored in cipher form; vty 0-4 use AAA accounts.
# NOTE(review): the console password string is credential material; redact it when sharing and set a new one
# on the target device.
# NOTE(review): no "protocol inbound" line is visible for the vty lines; confirm that they accept SSH only.
user-interface con 0                      
 authentication-mode password cipher %@%@+h*.3:=a-&JaBjVetbm'n3*!4!f32;9/Q)g"(M'SB~`>^90+%@%@
user-interface vty 0 4
 authentication-mode aaa
#
# Address objects and groups referenced by the security, NAT and policy-based-routing rules.
# Many set names contained non-ASCII characters that were damaged in extraction: the closing quote and the
# space before "type" are missing (for example "192.168.45 Ctype object), and a few names are reduced to a
# stray character or nothing at all. These header lines cannot be pasted back as printed; the names have to
# be restored from the device, and every rule that references them must use the same restored name.
ip address-set DNS1 type group
 address 0 10.0.13.23 mask 32
 address 1 10.0.13.24 mask 32
#
ip address-set server type group
 address 0 10.84.48.2 mask 255.255.255.255
 address 1 10.84.48.3 mask 255.255.255.255
 address 2 10.84.48.4 mask 255.255.255.255
 address 3 10.84.48.5 mask 255.255.255.255
 address 4 10.84.48.7 mask 255.255.255.255
 address 5 10.84.48.8 mask 255.255.255.255
 address 6 10.84.48.9 mask 255.255.255.255
 address 7 10.84.48.6 mask 255.255.255.255
#
ip address-set "192.168.45 Ctype object
 address 0 192.168.45.0 mask 24
#
ip address-set "152 Ctype object
 address 0 range 10.84.152.1 10.84.152.254
#
ip address-set "192.168.46 Ctype object
 address 0 192.168.46.0 mask 24
#
ip address-set  type object
 address 0 10.255.2.202 mask 32
#
ip address-set ype object
 address 0 10.84.208.0 mask 255.255.248.0
#
ip address-set "172.16 Btype object
 address 0 172.16.0.0 mask 255.255.0.0
#
ip address-set "10 Atype object
 address 0 10.0.0.0 mask 255.0.0.0
#
ip address-set "55 Ctype object
 address 0 10.84.55.0 mask 255.255.255.0
#
ip address-set "192.168.11 Ctype object
 address 0 range 192.168.11.1 192.168.11.254
#
ip address-set ͨype object                 
 address 0 10.86.112.0 mask 255.255.248.0
 address 1 10.255.12.66 mask 255.255.255.255
#
ip address-set "48 /21" type object
 address 0 10.84.48.0 mask 21
#
ip address-set "192.168.50 Ctype object
 address 0 192.168.50.0 mask 255.255.255.0
#
ip address-set "54 Ctype object
 address 0 range 10.84.54.1 10.84.54.254
#
ip address-set "53 Ctype object
 address 0 range 10.84.53.1 10.84.53.254
#
ip address-set "51 Ctype object
 address 0 range 10.84.51.1 10.84.51.254
#
ip address-set "50 Ctype object
 address 0 range 10.84.50.1 10.84.50.254
#
ip address-set "49 Ctype object
 address 0 range 10.84.49.1 10.84.49.254  
#
ip address-set "52 Ctype object
 address 0 range 10.84.52.1 10.84.52.254
#
ip address-set "152 /21" type object
 address 0 10.84.152.0 mask 21
#
ip address-set · type object
 address 0 10.86.152.0 mask 255.255.248.0
#
ip address-set "48 Ctype object
 address 0 10.84.48.0 mask 24
#
# Service set BANPORT: eleven TCP destination ports (22, 23, 445, 139, 1521, 1433, 3306, 3389, 135, 137, 138),
# used by the security-policy rule "ban port" as a deny list.
# NOTE(review): every entry is "protocol tcp". Ports 137 and 138 (NetBIOS name and datagram services) normally
# run over UDP, which this set does not cover; add UDP entries if blocking them is the intent.
ip service-set BANPORT type object
 service 0 protocol tcp source-port 0 to 65535 destination-port 22
 service 1 protocol tcp source-port 0 to 65535 destination-port 23
 service 2 protocol tcp source-port 0 to 65535 destination-port 445
 service 3 protocol tcp source-port 0 to 65535 destination-port 139
 service 4 protocol tcp source-port 0 to 65535 destination-port 1521
 service 5 protocol tcp source-port 0 to 65535 destination-port 1433
 service 6 protocol tcp source-port 0 to 65535 destination-port 3306
 service 7 protocol tcp source-port 0 to 65535 destination-port 3389
 service 8 protocol tcp source-port 0 to 65535 destination-port 135
 service 9 protocol tcp source-port 0 to 65535 destination-port 137
 service 10 protocol tcp source-port 0 to 65535 destination-port 138
#
# Feature stubs (slb, right-manager, sa, location, agile-network, api), one URL-filter profile, and device groups.
# The URL-filter profile blocks ten pre-defined subcategories and has "default action block"; its name was
# non-ASCII and is missing after extraction, so the "profile ... name" line is incomplete as printed.
# NOTE(review): no security-policy rule in this listing references a URL-filter profile; confirm whether it is in use.
 slb
#
right-manager server-group
#
profile type url-filter name 
                               category pre-defined subcategory-id 155 action block
 category pre-defined subcategory-id 157 action block
 category pre-defined subcategory-id 158 action block
 category pre-defined subcategory-id 231 action block
 category pre-defined subcategory-id 232 action block
 category pre-defined subcategory-id 159 action block
 category pre-defined subcategory-id 254 action block
 category pre-defined subcategory-id 160 action block
 category pre-defined subcategory-id 237 action block
 category pre-defined subcategory-id 239 action block
 default action block
#
sa
#
location                                  
#
agile-network
#
api
#
device-classification
 device-group pc
 device-group mobile-terminal
 device-group undefined-group
#
# Security policy; rules are matched in the order listed, and every rule has "policy logging".
# "ban port" denies the TCP ports of service-set BANPORT from untrust towards local and trust.
# NOTE(review): the last rule, "to trust", has no source-zone and no source-address, so as written it also
# matches traffic arriving from untrust. Anything towards trust or local that "ban port" does not catch would
# then be permitted. Adding the intended source zones to "to trust" turns the deny list into an allow list.
# NOTE(review): "Other to Internet" has no source-zone either; it is limited only by its source address-sets.
# NOTE(review): "server to intranet" (permit) sits above "local dev to intranet" (deny); confirm that this
# order is intended, since the first matching rule decides.
# Several "destination-zone" lines name a zone whose non-ASCII name was damaged in extraction; the damage also
# merged the next command onto the same line, and some address-set names lost their closing quote. The section
# cannot be pasted back as printed.
security-policy
 default policy logging
 rule name "ban port"
  policy logging
  session logging
  source-zone untrust
  destination-zone local
  destination-zone trust
  service BANPORT
  action deny
 rule name "server to intranet"
  policy logging
  source-zone trust                       
  destination-zone ר  source-address address-set server
  destination-address address-set "10 A
  destination-address address-set "172.16 B
  action permit
 rule name "server to internet"
  policy logging
  session logging
  source-zone trust
  destination-zone untrust
  source-address address-set server
  action deny
 rule name "Other to Internet"
  policy logging
  destination-zone untrust
  source-address address-set "192.168.11 C
  source-address address-set "192.168.45 C
  source-address address-set "192.168.46 C
  action permit
 rule name "local dev to intranet"
  policy logging
  source-zone trust
  source-zone local                       
  destination-zone ר  source-address 10.10.10.0 mask 255.255.255.0
  source-address 192.168.0.0 mask 255.255.0.0
  destination-address address-set "10 A
  destination-address address-set "172.16 B
  action deny
 rule name "local to Intranet"
  policy logging
  source-zone trust
  source-zone local
  destination-zone ר  action permit
 rule name "local to Internet"
  policy logging
  source-zone trust
  source-zone local
  destination-zone untrust
  action permit
 rule name "to trust"
  policy logging
  destination-zone trust
  destination-zone local
  action permit                           
#
# Empty auth and traffic policies, one policy-based route, and the NAT policy.
# PBR rule BYODWIFI sends traffic entering GE0/0/1 from the "152 C..." address-set out of GE0/0/5 towards
# 10.255.2.225. GE0/0/5 is shut down in this listing, so confirm what happens to that traffic today.
# NAT policy: easy-ip source NAT towards the garbled-named zone and towards untrust, "no-nat" for the 10/8 and
# 172.16 address-sets and for destinations in trust; rule "tongyong" is disabled.
# NOTE(review): most NAT rules have no source-zone; "to internet" translates any source heading to untrust.
# As in the security policy, the damaged zone and address-set names merged following commands onto the same
# line, so this section cannot be pasted back as printed.
auth-policy
#
traffic-policy
#
policy-based-route
 rule name BYODWIFI
  ingress-interface GigabitEthernet0/0/1
  source-address address-set "152 C
  action pbr egress-interface GigabitEthernet0/0/5 next-hop 10.255.2.225
#
nat-policy
 rule name caobao
  destination-zone ר  destination-address address-set ·
  action nat easy-ip
 rule name beiji
  destination-zone ר  destination-address 10.86.120.0 mask 255.255.248.0
  destination-address 10.255.12.70 mask 255.255.255.255
  action nat easy-ip
 rule name 709
  destination-zone ר  destination-address 10.86.128.0 mask 255.255.248.0
  destination-address 10.255.12.74 mask 255.255.255.255
  action nat easy-ip
 rule name 1076
  destination-zone ר  destination-address 10.86.136.0 mask 255.255.248.0
  destination-address 10.255.12.78 mask 255.255.255.255
  action nat easy-ip
 rule name tongyong
  disable
  source-zone trust
  destination-zone ר  destination-address address-set ͨ  action nat easy-ip
 rule name "to intranet"
  destination-zone ר  destination-address address-set "10 A
  destination-address address-set "172.16 B
  action no-nat
 rule name "Other to internet"
  source-zone trust
  destination-zone untrust
  source-address address-set "192.168.11 C
  source-address address-set "192.168.45 C
  source-address address-set "192.168.46 C
  action nat easy-ip
 rule name "to internet"
  destination-zone untrust
  action nat easy-ip
 rule name "to trust"
  destination-zone trust
  action no-nat
#
# Empty proxy and quota policies, uplink load sharing, and link health checks.
# Load sharing is proportional to bandwidth across Dialer0, Dialer1 and GE0/0/0.
# Four health-check groups probe 114.114.114.114, 8.8.8.8 and 10.0.13.23 with ICMP and 123.125.114.144 with
# HTTP, every 10 (unit not shown). Only "icmp 114" is referenced by an interface in this listing.
# "return" ends the configuration.
proxy-policy
#
quota-policy
#
 multi-interface
  add interface Dialer0 priority 4
  add interface Dialer1 priority 4
  add interface GigabitEthernet0/0/0 priority 6
  mode proportion-of-bandwidth
#
healthcheck link-group 1 "icmp 114"
 destination 114.114.114.114 protocol ICMP
 tx-interval 10                           
healthcheck link-group 2 "icmp 8.8"
 destination 8.8.8.8 protocol ICMP
 tx-interval 10
healthcheck link-group 3 "baidu http"
 destination 123.125.114.144 protocol HTTP
 tx-interval 10
 times 2
healthcheck link-group 4 "icmp 10.0.13.23"
 destination 10.0.13.23 protocol ICMP
 tx-interval 10
#
return
华三墙翻译华三墙?啥意思,这个做个附件吧,不分行太乱了
添加了附件,没显示
添加了附件,没显示