FW1000 Application Firewall
Lab Guide
(Ver 1.0)
Hangzhou DPtech Training Center
March 2013
DPtech FW1000 Application Firewall
Internal Use
Contents
1. Device Initialization
    1.1 Overview
    1.2 Network Topology
    1.3 Configuration 1: Restore the Device to Factory Defaults
    1.4 Configuration 2: Log In to the Device Web Interface
    1.5 Configuration 3: Change the Management Port IP Address
2. Choosing a Networking Mode
    2.1 Overview
    2.2 Layer 2 Forwarding Mode
    2.3 Layer 3 Forwarding Mode
    2.4 Dual-Device Hot Standby Mode
    2.5 OSPF Routing Mode
3. Layer 2 Forwarding Mode
    3.1 Overview
    3.2 Network Topology
    3.3 Configuration: Layer 2 Firewall
        1) Configure Interface Parameters
        2) Configure the VLAN-IF Address
        3) Configure Security Zones
        4) Add a Management Route
        5) Add Address Objects
        6) Add Services/Service Groups
        7) Configure Packet Filtering Policies
4. Layer 3 Forwarding Mode
    4.1 Overview
    4.2 Network Topology
    4.3 Configuration 1: Layer 3 Firewall
        1) Configure Interface Parameters
        2) Configure Address Objects
        3) Add Static Routes
        4) Configure Security Zones
        5) Configure Source NAT
        6) Configure Destination NAT
        7) Configure Packet Filtering Policies
        8) Configure NAT Log Output
    4.4 Configuration 2: Application Firewall
        1) Configure Interface Parameters
        2) Configure Address Objects
        3) Add Static Routes
        4) Configure Security Zones
        5) Configure Source NAT
        6) Configure Bandwidth Rate Limiting
        7) Configure Packet Filtering Policies
5. Dual-Device Hot Standby Mode
    5.1 Overview
    5.2 Network Topology
    5.3 Configuration 1: Transparent Dual-Device
        1) Configure Interface Parameters
        2) Configure the VLAN-IF Address
        3) Configure Security Zones
        4) Add a Management Route
        5) Add Address Objects
        6) Add Services/Service Groups
        7) Configure Packet Filtering Policies
        8) Configure Standard Dual-Device
    5.4 Configuration 2: VRRP Dual-Device
        1) Configure Interface Parameters
        2) Add Static Routes
        3) Configure Security Zones
        4) Configure Source NAT
        5) Configure Standard Dual-Device
        6) Configure VRRP
    5.5 Configuration 3: Silent Dual-Device
        1) Configure the Heartbeat Aggregation Port
        2) Configure Interface Parameters
        3) Add Static Routes
        4) Configure Security Zones
        5) Configure Source NAT
        6) Configure Silent Dual-Device
6. OSPF Routing Mode
    6.1 Overview
    6.2 Network Topology
    6.3 Configuration: OSPF Routing
        1) Configure Interface Parameters
        2) Configure Security Zones
        3) Configure Packet Filtering Policies
        4) Add Static Routes
        5) Configure OSPF Routing
7. VPN
    7.1 Overview
    7.2 Network Topology
    7.3 Configuration 1: IPSEC VPN (Gateway-to-Gateway Mode)
        1) Configure Interface Parameters
        2) Add Static Routes
        3) Configure Security Zones
        4) Configure Source NAT
        5) Configure Packet Filtering Policies
        6) Configure IPSEC VPN
    7.4 Configuration 2: IPSEC VPN (Client Access Mode)
        1) Configure Interface Parameters
        2) Add Static Routes
        3) Configure Source NAT
        4) Configure Security Zones
        5) Configure Packet Filtering Policies
        6) Configure IPSEC VPN
        7) Create IPSEC VPN Users
    7.5 Configuration 3: SSL VPN
        1) Configure Interface Parameters
        2) Add Static Routes
        3) Configure Source NAT
        4) Configure Security Zones
        5) Configure Packet Filtering Policies
        6) Add SSL VPN Resources
        7) Create SSL VPN Users
        8) Enable the SSL VPN Server
8. Other Common Configurations
    8.1 System Management
        1) System Name and Time
        2) Enable SNMP Configuration
        3) Administrator Privilege Configuration
        4) Export the Configuration File
        5) Signature Database Upgrade
        6) Software Version Upgrade
    8.2 Network Management
        1) Diagnostics
    8.3 Log Management
        1) System Log Management
        2) Operation Log Management
        3) Service Log Management
9. Revision History (Internal Only)