Home > other >  A firewall with the same IP addresses can't communicate with each other
A firewall with the same IP addresses can't communicate with each other

Time:10-11



Huawei fw1 firewall can't day melt letter firewall fw2

Configure the following
Fw1 is huawei's firewall
Dis cu
08:19:39 2016/05/16
#
Sysname NX - DAWL - ANQUAN - USG5320
#
Daily update the schedule dpi 03:01
The security server domain sec.huawei.com
#
Web - manager enable
Web - manager security enable
#
Firewall packet filter - the default permit interzone local trust direction the inbound
Firewall packet filter - the default permit interzone local trust direction outbound
#
Firewall statistic system enable
#
Interface GigabitEthernet0/0/0
IP address 172.16.30.242 255.255.255.0
#
Interface GigabitEthernet0/0/1
#
Interface GigabitEthernet0/.two survivors
IP address 10.1.6.1 255.255.255.252
#
Interface GigabitEthernet0/0/3
IP address 172.16.20.242 255.255.255.0
#
Interface NULL0
#
Firewall zone local
Set the priority of 100
#
Firewall zone trust
Set the priority of 85
The add interface GigabitEthernet0/0/0
The add interface GigabitEthernet0/0/1
The add interface GigabitEthernet0/.two survivors
The add interface GigabitEthernet0/0/3
#
Firewall zone untrust
Set the priority 5
#
Firewall zone DMZ
Set the priority of 50
#
Firewall zone vzone
Set the priority 0
#
The policy interzone local trust the inbound
The policy of 0
The action permit
#
The policy interzone local trust outbound
The policy of 0
The action permit
#
The policy interzone local untrust the inbound
The policy of 0
The action permit
#
The policy interzone local untrust outbound
The policy of 0
The action permit
#
The policy interzone trust untrust the inbound
The policy of 1
The action permit
#
The policy interzone trust untrust outbound
The policy of 0
The action permit
#
Aaa
Local - user admin password cipher] MQ; 4 \] B + 4 z, YWX * NZ55OA!!!!!
Local - user admin service -type web terminal Telnet
Local - user admin level 3
Local - user huawei password simple a12345678
Local - user huawei service -type FTP web Telnet SSH
Local - user huawei level 3
The authentication scheme - the default
#
Authorization - scheme default
#
Accounting - scheme default
#
Domain default
#
#
Right - the manager server - group
#
SLB
#
IP route -static 0.0.0.0 0.0.0.0 10.1.6.2
IP route -static 10.12.17.0 255.255.255.0 10.1.6.2
IP route -static 172.16.20.0 255.255.255.0 172.16.30.254
#
The user - interface con 0
The user - interface vty 0 4
The authentication mode - aaa
#
Return

The middle switch configuration
Display the current - configuration
#
! Software Version V100R005C01SPC100
Sysname NX - AQ - S5700 - DZWL
#
Super password level 3 cipher N ` C55QK & lt; `==^ Q/Q ` MAF4 & lt; 1!!!!!
#
Vlan batch 600 to 501, 601, 1000, 2000
#
Cluster enable
NTDP enable
NTDP hop 16
NDP enable
#
DHCP enable
#
Undo the HTTP server enable
#
Drop the illegal - MAC alarm
#
Aaa
The authentication scheme - the default
Authorization - scheme default
Accounting - scheme default
Domain default
Domain default_admin
Local - user admin password simple admin
Local - user admin service -type HTTP
Local - user huawei password cipher N ` C55QK & lt; `==^ Q/Q ` MAF4 & lt; 1!!!!!
Local - user huawei service -type Telnet
#
Interface Vlanif1
IP address DHCP - alloc
#
Interface Vlanif501
IP address 10.1.6.2 255.255.255.0
#
Interface Vlanif600
IP address 192.168.10.250 255.255.255.0
#
Interface Vlanif601
IP address 10.1.7.2 255.255.255.0
#
Interface Vlanif1000
IP address 192.168.1.254 255.255.255.0
#
Interface Vlanif2000
IP address 10.12.200.254 255.255.0.0
#
Interface MEth0/0/1
#
Interface GigabitEthernet0/0/1
The port hybrid pvid vlan 1000
The port hybrid untagged vlan 600 1000
NTDP enable
NDP enable
Bpdu enable
#
Interface GigabitEthernet0/.two survivors
The port link -type access
The port default vlan 1000
NTDP enable
NDP enable
Bpdu enable
#
Interface GigabitEthernet0/0/3
The port link -type access
The port default vlan 1000
NTDP enable
NDP enable
Bpdu enable
#
Interface GigabitEthernet0/0/4
The port link -type access
The port default vlan 1000
NTDP enable
NDP enable
Bpdu enable
#
Interface GigabitEthernet0/0/5
NTDP enable
NDP enable
Bpdu enable
#
Interface GigabitEthernet0/0/6
The port hybrid pvid vlan 600
The port hybrid untagged vlan 600 1000
NTDP enable
NDP enable
Bpdu enable
#
Interface GigabitEthernet0/0/7
The port link -type access
nullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnull
  • Related