52ky posted on 2022-9-8 10:57:13

Detailed description of PIX configuration commands

Before configuring the PIX firewall, let's first look at the physical characteristics of a firewall. A firewall normally has at least 3 interfaces, although many early firewalls had only 2; with a 3-interface firewall, at least 3 networks are produced, described as follows:

Internal zone (inside). The internal zone usually refers to the enterprise's internal network, or a part of it. It is the trusted zone of the interconnected network, that is, the zone protected by the firewall.

External zone (outside). The external zone usually refers to the Internet or a network that is not part of the enterprise. It is the untrusted zone of the interconnected network; when the external zone wants to access hosts and services in the internal zone, limited access can be granted through the firewall.

Demilitarized zone (DMZ). The DMZ is an isolated network, or several networks. Hosts or servers located in the DMZ are called bastion hosts. Web servers, mail servers and the like are usually placed in the DMZ. The DMZ is generally accessible to external users; this lets external users reach the enterprise's public information without allowing them access to the enterprise's internal network.

Note: a firewall with 2 interfaces has no DMZ. Since the PIX 535 is not common at the enterprise level, the following mainly describes the use of the PIX 525 in enterprise networks.
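A configuration that realizes the three zones described above, as an added example that is not part of the original post: PIX 6.x command syntax is assumed (the classic syntax of the PIX 525 era), the addresses are taken from documentation and private ranges, and the DMZ web server address 192.168.10.10 is an assumption made for the example. Lines beginning with `!` are explanatory comments. What it shows is how the trust ordering of the three zones is expressed as interface security levels, and which direction of traffic therefore needs an explicit access list.

```cisco
! PIX 6.x syntax; addresses are example values (203.0.113.0/24 public, RFC 1918 inside and DMZ).
! Three interfaces, three zones: trust is expressed as the security level of each interface.
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
ip address outside 203.0.113.2 255.255.255.0
ip address inside 10.1.1.1 255.255.255.0
ip address dmz 192.168.10.1 255.255.255.0
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
! inside (100) -> outside (0) is high to low, so it is permitted by default once a
! translation exists: hide the whole inside network behind the outside address (PAT).
nat (inside) 1 10.1.1.0 255.255.255.0 0 0
global (outside) 1 interface
! inside (100) -> dmz (50) is also high to low, but PIX 6.x still needs a translation;
! an identity static keeps inside addresses unchanged when they appear on the DMZ.
static (inside,dmz) 10.1.1.0 10.1.1.0 netmask 255.255.255.0 0 0
! Publish the DMZ web server (assumed address 192.168.10.10) on a public address;
! the static also translates the server's own outbound traffic.
static (dmz,outside) 203.0.113.30 192.168.10.10 netmask 255.255.255.255 0 0
! Other DMZ hosts reach the outside (high to low) through PAT as well.
nat (dmz) 1 192.168.10.0 255.255.255.0 0 0
! outside (0) -> dmz (50) is low to high and therefore denied unless an access list
! opens it; open only HTTP to the published server (everything else is implicitly denied).
access-list outside_in permit tcp any host 203.0.113.30 eq www
access-group outside_in in interface outside
! dmz (50) -> inside (100) is low to high and denied by default. Binding a list to the
! DMZ interface makes that explicit and also limits what a bastion host may initiate
! towards the outside: once a list is bound, anything it does not permit is dropped.
access-list dmz_in deny ip any 10.1.1.0 255.255.255.0
access-list dmz_in permit tcp host 192.168.10.10 any eq www
access-list dmz_in permit tcp host 192.168.10.10 any eq 443
access-group dmz_in in interface dmz
```

The rule to remember when reading such a configuration: traffic from a higher security level to a lower one (inside to outside, inside to DMZ, DMZ to outside) passes by default as soon as a nat/global or static translation exists, while traffic from a lower level to a higher one (outside to DMZ, DMZ to inside) is dropped unless an access-list bound with access-group permits it. The dmz_in list is the practitioner's caveat: a web server in the DMZ is the host most likely to be compromised, so it should be allowed to initiate only what it needs, and never a connection into the inside network.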



