H3C 模拟器防火墙开启Web功能

news/2024/11/28 11:56:12/

1 在HCL中添加主机，然后连接visualbox网卡和防火墙G1/0/0

2 给虚拟网卡配置ip

3 在防火墙命令行配置

<H3C>system-view
[H3C]sysname fw-1
[fw-1]ip http enable
[fw-1]interface  g1/0/0   //接口ip，根据所连接的网卡进行改动
[fw-1-GigabitEthernet1/0/0]ip address 10.19.4.250 22
[fw-1-GigabitEthernet1/0/0]qu
[fw-1]ip https enable
[fw-1]security-zone name trust  //安全域
[fw-1-security-zone-Trust]import interface g1/0/0  //把接口加入安全域
[fw-1-security-zone-Trust]qu
[fw-1]object-policy ip manage
[fw-1-object-policy-ip-manage]rule pass //规则动作
[fw-1-object-policy-ip-manage]zone-pair security source trust destination local //域间应用
[fw-1-zone-pair-security-Trust-Local]object-policy apply ip manage  //创建对象策略
[fw-1]local-user admin class manage //创建登入web的用户名和密码
[fw-1-luser-manage-admin]password simple admin
[fw-1-luser-manage-admin]service-type http https  //启用http和https的功能
[fw-1-luser-manage-admin]authorization-attribute user-role network-admin
<fw-1>%Aug 23 12:23:14:674 2019 fw-1 WEB/5/LOGIN: -Context=1; admin 10.19.4.2

4 登录web界面

登录成功

转载于:https://www.cnblogs.com/yhq1314/p/11399875.html

2.配置ip地址

(1) 配置Host_1地址：

打开本地物理机的网络连接，将VirtualBox 网卡地址配置为192.168.0.x x 和防火墙同一网段。

3.将G1/0/0接口划入安全域，命令如下

[H3C]sysN
[H3C]sysname FW1
[FW1]int g 1/0/1
[FW1-GigabitEthernet1/0/1]undo ip ad 192.168.0.1 24（默认端口IP不删除，配置其他端口会提示重叠）
[FW1-GigabitEthernet1/0/1]int g 1/0/0
[FW1-GigabitEthernet1/0/0]ip ad 192.168.0.3 24
[FW1-GigabitEthernet1/0/0]quit
[FW1]security-zone name management
[FW1-security-zone-Management]import int g 1/0/0 //将端口导入到安全管理口
[FW1-security-zone-Management]quit

查看安全域及域下接口：

<FW1>dis security-zone

Name: Management
Members:
GigabitEthernet1/0/0

4.创建ACL允许管理流量通过

[H3C]acl advanced 3000

[H3C-acl-ipv4-adv-3000]rule permit ip //允许所有流量通过，具体根据实际情况来

5.创建域间策略

Management到local策略：

[H3C]zone-pair security source management destination local

[H3C-zone-pair-security-Management-Local]packet-filter 3000

local到management策略：

[H3C]zone-pair security source local destination management