Huawei Firewall Intelligent Uplink Selection: Policy-Based Routing
#
interface GigabitEthernet0/0/0
 undo shutdown
 ip binding vpn-instance default
 ip address 10.12.7.7 255.255.0.0
 service-manage http permit
 service-manage https permit
 service-manage ping permit
#
interface GigabitEthernet1/0/1
 undo shutdown
 ip address 202.100.2.254 255.255.255.0
 service-manage ping permit
#
interface GigabitEthernet1/0/2
 undo shutdown
 ip address 202.100.1.254 255.255.255.0
 service-manage ping permit
#
interface GigabitEthernet1/0/3
 undo shutdown
 ip address 10.1.1.254 255.255.255.0
 service-manage ping permit
#
interface GigabitEthernet1/0/4
 undo shutdown
 ip address 10.1.2.254 255.255.255.0
 service-manage ping permit
#
#
firewall zone local
 set priority 100
#
firewall zone trust
 set priority 85
 add interface GigabitEthernet0/0/0
 add interface GigabitEthernet1/0/3
 add interface GigabitEthernet1/0/4
#
firewall zone untrust
 set priority 5
#
firewall zone dmz
 set priority 50
#
firewall zone name isp1 id 4
 set priority 10
 add interface GigabitEthernet1/0/2
#
firewall zone name isp2 id 5
 set priority 20
 add interface GigabitEthernet1/0/1
#
#
security-policy
 rule name trust-isp1
  source-zone trust
  destination-zone isp1
  action permit
 rule name trust-isp2
  source-zone trust
  destination-zone isp2
  action permit
#
#
policy-based-route
 rule name trust-isp1 1
  ingress-interface GigabitEthernet1/0/3
  action pbr next-hop 202.100.1.1
 rule name trust-isp2 2
  ingress-interface GigabitEthernet1/0/4
  action pbr next-hop 202.100.2.1
#
nat-policy
 rule name trust-isp1
  source-zone trust
  destination-zone isp1
  action source-nat easy-ip
 rule name trust-isp2
  source-zone trust
  destination-zone isp2
  action source-nat easy-ip
#
Testing:
Check the path:
Packet capture verification: PC1 pings PC3; capture on PC3
Packet capture verification: PC2 pings PC3; capture on PC3
display firewall session table verbose
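
Added example (not part of the original post, and not Huawei tooling): a static cross-check that, for every policy-based-route rule, resolves the next hop to its egress zone and confirms that a permitting security-policy rule and an easy-ip nat-policy rule exist for that zone pair. The names audit, WANT and SAMPLE are hypothetical, the sample is an abridged copy of the ISP1 path above, and every PBR rule is assumed to use "action pbr next-hop <ip>" as on this page.

```python
import ipaddress
SAMPLE = """interface GigabitEthernet1/0/2
 ip address 202.100.1.254 255.255.255.0
firewall zone trust
 add interface GigabitEthernet1/0/3
firewall zone name isp1 id 4
 add interface GigabitEthernet1/0/2
security-policy
 rule name trust-isp1
  source-zone trust
  destination-zone isp1
  action permit
policy-based-route
 rule name trust-isp1 1
  ingress-interface GigabitEthernet1/0/3
  action pbr next-hop 202.100.1.1
nat-policy
 rule name trust-isp1
  source-zone trust
  destination-zone isp1
  action source-nat easy-ip"""  # constructed: ISP1 path of the config above, abridged
WANT = {"security-policy": "permit", "nat-policy": "easy-ip"}  # action expected per section

def audit(config):
    """Hypothetical helper: yield (pbr_rule, src_zone, dst_zone, sections lacking a match)."""
    nets, zone_of, rules = {}, {}, {"policy-based-route": [], **{s: [] for s in WANT}}
    sect = cur = rule = None
    for w in (l.split() for l in config.splitlines() if l.strip() not in ("", "#")):
        if w[0] == "interface":
            sect, cur = "interface", w[1]
        elif w[:2] == ["firewall", "zone"]:
            sect, cur = "zone", w[3] if w[2] == "name" else w[2]
        elif w[0] in rules:
            sect, rule = w[0], None
        elif sect == "interface" and w[:2] == ["ip", "address"]:
            nets[cur] = ipaddress.ip_interface(f"{w[2]}/{w[3]}").network
        elif sect == "zone" and w[:2] == ["add", "interface"]:
            zone_of[w[2]] = cur
        elif sect in rules and w[:2] == ["rule", "name"]:
            rules[sect].append(rule := {"name": w[2]})
        elif sect in rules and rule is not None:
            rule[w[0]] = w[-1]  # keyword -> last word, e.g. action -> permit / easy-ip / next-hop IP
    for r in rules["policy-based-route"]:
        src = zone_of.get(r.get("ingress-interface"))
        hop = ipaddress.ip_address(r["action"])  # last word of "action pbr next-hop <ip>"
        dst = next((zone_of.get(i) for i, n in nets.items() if hop in n), None)
        missing = [s for s, act in WANT.items() if (src, dst, act) not in {(p.get("source-zone"),
                   p.get("destination-zone"), p.get("action")) for p in rules[s]}]
        yield r["name"], src, dst, missing
```

An empty last element means the PBR path is covered by both policies; a dst_zone of None means the next hop is not on any directly connected subnet found in the configuration.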
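When reposting, please retain the source: www.zh-cjh.com 珠海陈坚浩博客 (Zhuhai Chen Jianhao Blog) » Huawei Firewall Intelligent Uplink Selection: Policy-Based Routing
Author: cjh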