華賽USG基礎配置

[USG2210]display current-configuration
14:10:20  2010/03/16
#
acl number 2000
 step 1
 rule 1 permit source 192.168.3.66 0
 rule 2 permit source 192.168.4.10 0
 rule 3 permit source 192.168.4.11 0
 rule 4 permit source 192.168.4.12 0
 rule 5 permit source 192.168.4.13 0
 rule 6 permit source 192.168.4.14 0
 rule 7 permit source 192.168.4.15 0
 rule 8 permit source 192.168.2.10 0
 rule 9 permit source 192.168.2.11 0
 rule 10 permit source 192.168.2.12 0
 rule 11 permit source 192.168.2.13 0
 rule 12 permit source 192.168.2.14 0
 rule 13 permit source 192.168.2.15 0
 rule 14 permit source 192.168.2.16 0
 rule 15 permit source 192.168.2.17 0
 rule 16 permit source 192.168.2.18 0
 rule 17 permit source 192.168.2.19 0
 rule 19 permit source 192.168.2.21 0
 rule 20 permit source 192.168.2.22 0
 rule 21 permit source 192.168.2.23 0
 rule 22 permit source 192.168.2.24 0
 rule 24 permit source 192.168.2.26 0
 rule 25 permit source 192.168.2.27 0
 rule 27 permit source 192.168.1.58 0
 rule 28 permit source 192.168.1.56 0
 rule 29 permit source 192.168.2.50 0
 rule 30 permit source 192.168.2.198 0
 rule 31 permit source 192.168.1.2 0
 rule 32 permit source 192.168.2.98 0
 rule 33 permit source 192.168.2.209 0
 rule 67 permit source 192.168.3.67 0
 rule 68 permit source 192.168.1.9 0
 rule 69 permit source 192.168.1.45 0
 rule 200 permit source 192.168.2.200 0
 rule 201 permit source 192.168.2.201 0
 rule 300 permit source 192.168.6.0 0.0.0.255
 rule 301 permit source 192.168.1.3 0
 rule 2000 deny source 192.168.0.0 0.0.255.255
#
acl number 3000
 rule 5 permit ip source 192.168.0.0 0.0.255.255
#
 sysname USG2210
#
 web-manager enable
#
 info-center timestamp debugging date
#
 firewall packet-filter default permit interzone local trust direction inbound
 firewall packet-filter default permit interzone local trust direction outbound
 firewall packet-filter default permit interzone local untrust direction inbound
 firewall packet-filter default permit interzone local untrust direction outboun
d
#
 nat address-group 1 121.15.135.81 121.15.135.82
#
 firewall blacklist enable
 firewall blacklist filter-type icmp
 firewall blacklist filter-type tcp
 firewall blacklist filter-type udp
 firewall blacklist filter-type others
#
 firewall mac-binding 192.168.2.200 000d-6077-ef94
#
 firewall defend ip-spoofing enable
 firewall defend land enable
 firewall defend smurf enable
 firewall defend fraggle enable
 firewall defend winnuke enable
 firewall defend icmp-redirect enable
 firewall defend icmp-unreachable enable
 firewall defend source-route enable
 firewall defend route-record enable
 firewall defend tracert enable
 firewall defend time-stamp enable
 firewall defend ping-of-death enable
 firewall defend teardrop enable
 firewall defend tcp-flag enable
 firewall defend ip-fragment enable
 firewall defend large-icmp enable
 firewall defend ip-sweep enable
 firewall defend port-scan enable
 firewall defend syn-flood enable
 firewall defend udp-flood enable
 firewall defend icmp-flood enable
 firewall defend get-flood enable
 firewall defend dns-flood enable
 firewall defend tcp-illegal-session enable
 firewall defend arp-flood enable
 firewall defend arp-spoofing enable
#
 firewall statistic system enable
#
interface GigabitEthernet0/0/0
 speed 100
 description to-switch
 ip address 192.168.6.2 255.255.255.0
#
interface GigabitEthernet0/0/1
 ip address 121.15.135.81 255.255.255.248
#
interface NULL0
#
firewall zone local
 set priority 100
#
firewall zone trust
 set priority 85
 add interface GigabitEthernet0/0/0
#
firewall zone untrust
 set priority 5
 add interface GigabitEthernet0/0/1
#
firewall zone dmz
 set priority 50
#
firewall interzone trust untrust
 packet-filter 2000 outbound
 nat outbound 3000 address-group 1
 detect ftp
 detect http
#
aaa
 local-user hsadmin password cipher 4E=CC4S,53%LaN9G%UD&AA!!
 local-user hsadmin service-type ftp web telnet
 local-user hsadmin level 3
 local-user hsadmin ftp-directory flash:
 local-user xj password cipher YP*C^"L28LELaN9G%UD&AA!!
 local-user xj service-type web telnet
 local-user xj level 3
 authentication-scheme default
#
 authorization-scheme default
#
 accounting-scheme default
#
 domain default
#
#
 slb
#
 ip route-static 0.0.0.0 0.0.0.0 121.15.135.86
 ip route-static 192.168.0.0 255.255.0.0 192.168.6.1
#
user-interface con 0
user-interface vty 0 4
 authentication-mode aaa
 protocol inbound telnet
#
return
[USG2210]