Configure the basic IP address
[FW1-GigabitEthernet1/0/0]ip add 10.1.2.1 24
[FW1-GigabitEthernet1/0/6]ip add 20.1.1.1 24
[Internet-GigabitEthernet0/0/1]ip address 20.1.1.2 24
After enabling the ping function on the interface and adding the interface to the relevant zone, the PC can ping the interface connected to the firewall
[FW1-GigabitEthernet1/0/0]service-manage enable
[FW1-GigabitEthernet1/0/0]service-manage ping permit
[FW1] firewall zone trust
[FW1-zone-trust] add interface GigabitEthernet 1/0/0 to
configure untrust zone
[FW1] firewall zone untrust
[FW1-zone-untrust] add interface GigabitEthernet 1/0/6 to
configure trust and untrust The forwarding policy between (configuration order is very important)
[FW1]security-policy
[FW1-policy-security]rule name deny_internet
[FW1-policy-security-rule-deny_internet]source-zone trust
[FW1-policy-security-rule-deny_internet]source-address 10.1.2.254 0.0.0.0
[FW1-policy-security-rule-deny_internet]destination-zone untrust
[FW1-policy-security-rule-deny_internet]destination-address any
[FW1-policy-security-rule-deny_internet]action deny
[FW1-policy-security]rule name policy_trust_untrust
[FW1-policy-security-rule-policy_trust_untrust]source-zone trust
[FW1-policy-security-rule-policy_trust_untrust]source-address 10.1.2.0 0.0.0.255
[FW1-policy-security-rule-policy_trust_untrust]destination-zone untrust
[FW1-policy-security-rule-policy_trust_untrust]destination-address any
[FW1-policy-security-rule-policy_trust_untrust]action permit
配置NAT策略(easy-ip)
[FW1-policy-nat]rule name to_internet
[FW1-policy-nat-rule-to_internet] destination-zone untrust
[FW1-policy-nat-rule-to_internet]source-zone trust
[FW1-policy-nat-rule-to_internet]action source-nat easy-ip
PC1 can Ping through the Internet
PC2 ping cannot work through the Internet to
view the nat conversion
Basic configuration of Huawei firewall
Guess you like
Origin blog.51cto.com/13699905/2644208
Recommended
Ranking