Huawei firewall initial setup
I. Configure the external network address:
1. interface g1/0/0
ip add 202.202.100.2 30
2. interface g1/0/1
ip add 192.168.0.1 24
II. Configure zones
firewall zone untrust
add interface g1/0/0
firewall zone trust
add interface g1/0/1
III. Configure the security policy
security-policy
rule name policy1
source-zone trust
destination-zone untrust
action permit
IV. Configure NAT
nat address-group isp1
section 202.102.10.2 202.102.10.3
V. Configure the NAT policy
nat-policy
rule name nat1
source-zone trust
destination-zone untrust
source-address 192.168.0.0 mask 255.255.255.0
action source-nat address-group isp1
VI. Configure the security policy
security-policy
rule name natpolicy
source-address 192.168.0.0 mask 255.255.255.0
action permit
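ip route-static 0.0.0.0 0.0.0.0 202.102.10.1 //default route
ip route-static 192.168.0.0 255.255.255.0 10.10.10.2 //return route
ip route-static 202.102.10.2 32 NULL 0 //black-hole route for a NAT pool address, prevents routing loops
ip route-static 202.102.10.3 32 NULL 0 //black-hole route for a NAT pool address, prevents routing loops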
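An added example, not part of the original notes: a small Python check that reads a configuration in the syntax used above and reports NAT pool addresses with no black-hole route, as well as static-route next hops that a black-hole route would swallow. The sample configuration is constructed, and the function names parse and audit are hypothetical.

```python
import ipaddress

# Constructed sample in the page's syntax: pool address 202.102.10.3 is
# deliberately left without a black-hole route.
SAMPLE_CONFIG = """\
nat address-group isp1
section 202.102.10.2 202.102.10.3
ip route-static 0.0.0.0 0.0.0.0 202.102.10.1 //default route
ip route-static 202.102.10.2 32 NULL 0
"""

def parse(config):
    """Return (NAT pool addresses, black-hole networks, static next hops)."""
    pool, blackholes, next_hops = set(), [], set()
    for line in config.splitlines():
        tok = line.split("//")[0].split()  # drop trailing annotations
        if tok[:1] == ["section"]:
            addrs = [t for t in tok[1:] if "." in t]  # skips an optional section id
            if not addrs:
                continue
            lo, hi = (int(ipaddress.IPv4Address(a)) for a in (addrs[0], addrs[-1]))
            pool.update(ipaddress.IPv4Address(i) for i in range(lo, hi + 1))
        elif tok[:2] == ["ip", "route-static"] and len(tok) >= 5:
            try:
                net = ipaddress.ip_network(f"{tok[2]}/{tok[3]}", strict=False)
            except ValueError:
                continue  # route forms not used on this page
            if tok[4].upper().startswith("NULL"):
                blackholes.append(net)
            else:
                try:
                    next_hops.add(ipaddress.IPv4Address(tok[4]))
                except ValueError:
                    pass  # next hop given as an interface name
    return pool, blackholes, next_hops

def audit(config):
    """List pool addresses lacking a black-hole route and next hops that hit one."""
    pool, blackholes, next_hops = parse(config)
    findings = [f"pool address {a} has no black-hole route"
                for a in sorted(pool) if not any(a in n for n in blackholes)]
    findings += [f"next hop {h} is covered by a black-hole route"
                 for h in sorted(next_hops) if any(h in n for n in blackholes)]
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```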