52ky posted on 2022-9-11 10:04:31

H3C SecPath UTM Series Typical Configuration Examples

An enterprise's internal network segment is 192.168.1.0/24 and its external network segment is 192.168.100.0/22. The internal host 192.168.1.3, which acts as the Web server, is connected to interface GE0/2 of the Device. An IPS policy is configured on the Device to block PCs on the external network from attacking the internal server.

Figure 1 IPS configuration example network diagram

4.2 Configuration approach
- Direct the traffic to be inspected into deep inspection
- Create an IPS policy
- Configure IPS rules
- Apply the policy to the specified segment

4.3 Software version used
F5118

4.4 Configuration procedure

4.4.1 Basic configuration

1. Configure interface GE0/1
In the left navigation bar, click "Device Management > Interface Management", then click the button in the GE0/1 row to open the "Edit Interface" page. Set interface GE0/1 as shown in the figure below, then click <OK> to complete the configuration.
In the left navigation bar, click "Device Management > Security Zone", then click the button in the Untrust row to open the "Modify Security Zone" page. Add interface GE0/1 to the Untrust zone as shown in the figure below, then click <OK> to return to the "Security Zone" page.

2. Configure interface GE0/2
In the same way, set the IP address of interface GE0/2 to 192.168.1.1/24 and add the interface to the Trust security zone. The result after configuration is shown under "Device Management > Interface Management":

3. Configure NAT Server
This example requires a NAT Server configuration so that the internal Web server 192.168.1.3 has an address, 192.168.102.132, that can be reached from the external network. In the navigation bar, click "Firewall > NAT > Internal Server", click <New> on the "Internal Server Translation" tab, and configure as follows:



