山石防火墙命令行配置示例
现网1台山石SG6000防火墙,配置都可以通过GUI实现。
但有一些配置在命令行下配置效率更高,比如在1个已有策略中添加1个host或端口。
下面的双引号可以不加
创建服务
service “tcp-901”
tcp dst-port 901
范围
service “tcp-10000-65535”
tcp dst-port 10000 65535
group
servgroup “Management”
service “SSH”
service “xdmcp_UDP_177”
service “HTTPS”
service “tcp-901”
创建Ip
address “RDM-WaiGua-System-10.248.68.114”
ip 10.248.68.114/32
address “10.248.68.5-40”
range 10.248.68.5 10.248.68.40
address “Logistics”
ip 10.248.33.89/32
ip 10.248.33.88/32
rule
rule id 401
action permit
src-zone “SC”
dst-zone “CR”
src-addr “Data-1”
dst-addr “wan-1”
service http
service https
name Colasoft
rule id 3019
action permit
src-zone “INSIDE”
dst-zone “OUTSIDE”
src-ip 10.248.1.1/32
dst-addr “AI-10.248.1.1-10”
service “tcp-1521”
schedule “2025.1.17”
schedule
schedule “2025.1.17”
absolute end 01/18/2025 00:00:00
原文地址:https://blog.csdn.net/funnycoffee123/article/details/145193808
免责声明:本站文章内容转载自网络资源,如本站内容侵犯了原著者的合法权益,可联系本站删除。更多内容请关注自学内容网(zxcms.com)!