代码改变世界

使用EVE-NG软件,搭建PA、飞塔、山石防火墙LAB实验环境

2025-11-25 01:04  guesters  阅读(156)  评论(0)    收藏  举报

使用EVE-NG软件,搭建PA、飞塔、山石防火墙LAB实验环境

 

一、模拟器介绍

EVE-NG (Emulated Virtual Environment)仿真虚拟环境是一种新兴的虚拟无缝仿真平台,可以满足当今 IT 世界的需求。它可以让企业、电子学习提供商/中心、个人和团队协作者创建概念、解决方案和培训环境的虚拟验证。

EVE-NG涵盖Dynamips、IOL、QEMU三大组件,能运行Cisco、Juniper、F5、CheckPoint、Fortinet等众多网络设备操作系统,能运行Windows、Ubuntu、CentOS、MacOS等主机操作系统,同样能运行VMware、OpenStack、Proxmox VE等虚拟化/云计算操作系统。通用性强,适用性广,全能,是它的独有特点之一

 

EVE-NG官网:https://www.eve-ng.net

EVE-NG新手教程连接:https://www.emulatedlab.com/thread-1465-1-1.html

https://cloud.tencent.com/developer/article/2038076

论坛查看信息https://www.emulatedlab.com

https://www.eve-ng.cn/

免费答疑频道:https://pd.qq.com/g/emulatedlab

配套Lab所需设备镜像下载地址:https://www.emulatedlab.com/thread-939-1-1.html
EVE-NG全网最新最全资源大全:https://pd.qq.com/s/7cgmy7g6n

配套镜像密码表:https://www.emulatedlab.com/thread-1590-1-1.html

其他版本https://www.emulatedlab.com/thread-2192-1-1.html

 

二、网络设备型号、镜像版本和登录密码

  1.  

设备型号

镜像版本文件名

控制台账户密码

备注

Palo Alto防火墙

1、

paloalto-10.2.5-Pre-Licensed-Eval

 

2、

paloalto-11.2.5

admin

 

Fortinet防火墙

fortinet-FGT-v7.2.0-build1157

virtioa.qcow2

 

Fortinet FortiGate-v7.4.8.M-build2795

admin
 N/A

admin
 N/A

Hillstone防火墙

SG6000-CloudEdge-5.5R11P3-v6

hillstone
hillstone

Hillstone Networks StoneOS software, Version 5.5                                                                                                           

Copyright (c) 2009-2025 by Hillstone Networks                                                                                                                                                                                                                                                                           

Product name: SG-6000-VM00 S/N: 0010073790392703 Assembly number: 0000                                                                                    

 Boot file is SG6000-CloudEdge-5.5R11P3-v6  

 

 

三、EVE-NG搭建过程,注意事项

1、virtioa.qcow2上传到EVE-NG的/opt/unetlab/addons/qemu相关目录下

2、/opt/unetlab/html/templates检查模板文件yml正常存在

3、/opt/unetlab/scripts 查看文件py正常存在

 

四、WEB登录防火墙方法

1、PA防火墙

Palo Alto Networks PA-VM 11.2.5 (请设置CPU为4、内存为8192为佳,在qemu_options条目尾添加 -cpu host)

登录CLI界面,用户名是admin,密码默认为空

设置管理口IP地址和网关

Admin@PA-VM# configure

[EDIT]

Admin@PA-VM# set deviceconfig system type static

Admin@PA-VM# set deviceconfig system ip-address 10.1.1.111 netmask 255.255.255.0 default-gateway 10.1.1.1

Admin@PA-VM# commit (提交配置)

end

exit

 

Admin@PA-VM# show system info

Ip address: 10.1.1.111

Netmask: 255.255.255.0    vsys zone             forwarding               tag   

Default gateway: 10.1.1.1         

Admin@PA-VM# > ping host 10.1.1.1

request restart system

 

或者将Managerment桥接到Managerment云中,使用DHCP服务器自动获取IP地址,在使用浏览器登录PA防火墙web页面,IE浏览器使用兼容模式登录或者使用Win server 2022登录

https://10.1.1.111/

 

admin@PA-VM111> show system info

hostname: PA-VM111

ip-address: 10.8.1.111

public-ip-address: unknown

netmask: 255.255.255.0

default-gateway: 10.8.1.1

ip-assignment: static

mac-address: 50:00:00:0c:00:00

time: Tue Nov  4 21:50:37 2025

uptime: 0 days, 6:31:00

family: vm

model: PA-VM

serial: 007954000727890

vm-mac-base: 7C:89:C3:00:41:37

vm-mac-count: 256

vm-uuid: AC301AB2-4C9D-4D2B-8C45-98215850D8B2

vm-cpuid: KVM:E4060300FFFB8B0F

vm-license: VM-50

vm-cap-tier: 5.5 GB

vm-cpu-count: 8

vm-memory: 8157032

vm-mode: KVM

cloud-mode: non-cloud

sw-version: 11.2.5

global-protect-client-package-version: 0.0.0

device-dictionary-version: 199-662

 

 

 

 

2、Fortinet防火墙

登录CLI界面,用户名是admin,密码默认为空,设置管理口IP地址和网关

FortiGate # config system interface

FortiGate (interface) # edit port1

FortiGate (port1) # set mode static

FortiGate (port1) # set ip 10.1.1.11/24

FortiGate (port1) # end

 

FortiGate # config router static

FortiGate (static) # edit 1

FortiGate (1) # set gateway 10.1.1.1

FortiGate (1) # set device port1

FortiGate (1) # end

 

或者将port1桥接到Managerment云中,使用DHCP服务器自动获取IP地址,在使用浏览器登录Fortinet防火墙web页面。注意不同版本,对应的端口号码会有偏移。

CLI查看ip地址的命令

get system int ph

get system status

show full-configuration

 

3、山石防火墙

登录CLI界面,用户名是hillstone,密码默hillstone

查看管理口IP地址和网关

SG-6000# show interface

SG-6000# configure

SG-6000(config)# interface e0/0

SG-6000(config-if-eth0/0)# show this

interface ethernet0/0 local

  zone  "trust"

  ip address dhcp setroute

  manage ssh

  manage ping

  manage snmp

  manage https

  dhcp-client classless-static-route

  dhcp-client mtu

exit

 

no ip address dhcp

ip address 10.1.1.11 255.255.255.0

 

SG-6000(config-if-eth0/0)# do show int

SG-6000(config-if-eth0/0)# show this

interface ethernet0/0 local

  zone  "trust"

  ip address 10.8.1.11 255.255.255.0

  manage ssh

  manage ping

  manage snmp

  manage https

  dhcp-client classless-static-route

  dhcp-client mtu

exit

 

或者将E0/0桥接到Managerment云中,使用DHCP服务器自动获取IP地址,使用浏览器登录Hillstone防火墙web页面

浏览器输入https://10.1.1.11登录web页面