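1. Build the topology
Configure the IP addresses of the client (internal network) and the FTP server (external network).
Client settings:
Server settings:
2. Name the firewall
Log in to the firewall and enter the password (the default is admin@123).
<USG6000V1>system-view //enter system view
[USG6000V1]sysname FW1 //rename the device to FW1
3. Configure the security zones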
[FW1]firewall zone trust
[FW1-zone-trust]add int g1/0/0
[FW1]firewall zone untrust
[FW1-zone-untrust]add int g1/0/2
4. Configure the IP addresses
[FW1]int g1/0/0
[FW1-GigabitEthernet1/0/0]ip address 192.168.2.254 24
[FW1]int g1/0/2
[FW1-GigabitEthernet1/0/2]ip address 200.1.1.1 24
[FW1-GigabitEthernet1/0/2]dis ip int b //display the interface IP information
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
(d): Dampening Suppressed
(E): E-Trunk down
The number of interface that is UP in Physical is 4
The number of interface that is DOWN in Physical is 6
The number of interface that is UP in Protocol is 4
The number of interface that is DOWN in Protocol is 6
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 192.168.0.1/24 down down
GigabitEthernet1/0/0 192.168.2.254/24 up up
GigabitEthernet1/0/1 unassigned down down
GigabitEthernet1/0/2 200.1.1.1/24 up up
GigabitEthernet1/0/3 unassigned down down
GigabitEthernet1/0/4 unassigned down down
GigabitEthernet1/0/5 unassigned down down
GigabitEthernet1/0/6 unassigned down down
NULL0 unassigned up up(s)
Virtual-if0 unassigned up up(s)
[FW1-GigabitEthernet1/0/2]
5. Configure the security policy
[FW1]security-policy //enter the security policy view
[FW1-policy-security]rule name test //name the rule
[FW1-policy-security-rule-test]source-zone trust //source zone
[FW1-policy-security-rule-test]destination-zone untrust //destination zone
[FW1-policy-security-rule-test]source-address 192.168.2.0 mask 255.255.255.0 //source address
[FW1-policy-security-rule-test]destination-address 200.1.1.0 mask 255.255.255.0 //destination address
[FW1-policy-security-rule-test]service icmp //traffic type
[FW1-policy-security-rule-test]action permit //action: permit
6. Ping test
Continue configuring the security policy so that the server can ping the client.
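
Rule test only matches sessions opened from trust to untrust: replies to the client's pings return through the session that rule created, but a ping started by the server is a new untrust-to-trust session and falls to the default deny. The reverse rule that step 6 calls for, as an added example that is not part of the original page; it mirrors the addresses of rule test, and the rule name test_back is an assumption.

```vrp
[FW1]security-policy
[FW1-policy-security]rule name test_back //hypothetical rule name, not from the original page
[FW1-policy-security-rule-test_back]source-zone untrust //server side (g1/0/2)
[FW1-policy-security-rule-test_back]destination-zone trust //client side (g1/0/0)
[FW1-policy-security-rule-test_back]source-address 200.1.1.0 mask 255.255.255.0 //server subnet
[FW1-policy-security-rule-test_back]destination-address 192.168.2.0 mask 255.255.255.0 //client subnet
[FW1-policy-security-rule-test_back]service icmp //ICMP only; no other service is opened inbound
[FW1-policy-security-rule-test_back]action permit
[FW1-policy-security-rule-test_back]quit
[FW1-policy-security]quit
[FW1]display security-policy rule all //lists the rules with their hit counts
[FW1]display firewall session table //shows the icmp session created while the ping runs
```

After pinging the client from the server, the hit count of test_back should increase while that of test stays unchanged.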