WEB是中文的,懂點理論都能配出來
下面是命令行的
config
admin user hillstone
password hillstone
interface ethernet0/0 (E0/0是出口,定義爲untrust 區域)
zone "untrust"
ip address 172.18.26.78 255.255.255.252
manage ssh
manage telnet
manage snmp
manage http (接口允許這些服務來管理設備)
manage https
manage ping
exit
interface ethernet0/1
bgroup bgroup1
exit
interface ethernet0/2
bgroup bgroup1
exit
(E0/1-4加入組1)
interface ethernet0/3
bgroup bgroup1
exit
interface ethernet0/4
bgroup bgroup1
exit
interface bgroup1 (配置組1爲trust區域)
zone "trust"
ip address 10.32.76.1 255.255.252.0
manage telnet
manage http
manage https
manage ssh
manage ping
exit
ip vrouter "trust-vr" (默認路由,next-hop地址)
ip route 0.0.0.0/0 172.18.26.77
exit
policy from "trust" to "untrust"
rule id 1 (trust 到untrust 的策略)
action permit
src-addr "Any"
dst-addr "Any"
service "Any"
exit
exit
policy from "untrust" to "trust"
rule id 2
action permit (untrusty 到trust 的策略)
src-addr "Any"
dst-addr "Any"
service "Any"
exit
exit
這個只是最基本的配置,能夠出外網,沒有用NAT,hillstone主要是安全防火牆這塊,所以這個設備最大的優勢就在於QOS流控,可以對應用層進行流量控制。