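DPtech FW1000 Series Application Firewall Typical Configuration Manual
Version: v3.2
Software version: FW1000-S211C011D001P15
Release date: 2018-12-07

Notice
Copyright © 2008-2018 Hangzhou DPtech Technologies Co., Ltd. All rights reserved.
Without the written permission of the company, no organization or individual may excerpt or copy part or all of this manual, or distribute it in any form.
is a trademark of Hangzhou DPtech Technologies Co., Ltd.
All other trademarks or registered trademarks appearing in this manual are the property of their respective owners.
The contents of this manual may change because of product version upgrades or for other reasons.
Hangzhou DPtech Technologies Co., Ltd. reserves the right to modify the contents of this manual without any notice or prompt.
This manual is intended only as a usage guide. Hangzhou DPtech Technologies Co., Ltd. makes every effort to provide accurate information in this manual, but does not guarantee that the contents are completely free of errors, and none of the statements, information, or recommendations in this manual constitutes any warranty, express or implied.

Hangzhou DPtech Technologies Co., Ltd.
Address: 6/F, Zhongcai Building, No. 68 Tonghe Road, Binjiang District, Hangzhou
Postal code: 310051
Website:
Technical forum:
7x24 technical service hotline: 400-6100-598

Conventions
GUI format conventions
Symbol conventions
Indicates information that must be heeded during operation; ignoring it may lead to data loss, loss of function, device damage, or unpredictable results.
Indicates emphasis on, or a supplement to, the description of the operation.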

Contents

1 Product Introduction
  1.1 Product Overview
  1.2 Product Features

2 Basic Device Configuration and Maintenance Cases
  2.1 Logging In to the Firewall Web Interface
    2.1.1 Network Description
    2.1.2 Prerequisites
    2.1.3 Precautions
    2.1.4 Configuration Approach
    2.1.5 Configuration Steps
    2.1.6 Result Verification
  2.2 Managing the Firewall Remotely via Telnet/SSH
    2.2.1 Network Description
    2.2.2 Prerequisites
    2.2.3 Precautions
    2.2.4 Configuration Approach
    2.2.5 Configuration Steps
    2.2.6 Result Verification
  2.3 Restricting Firewall Management to Specific IPs/Specific Protocols
    2.3.1 Network Description
    2.3.2 Prerequisites
    2.3.3 Precautions
    2.3.4 Configuration Approach
    2.3.5 Configuration Steps
    2.3.6 Result Verification
  2.4 Saving/Downloading/Importing the Firewall Configuration File
    2.4.1 Network Description
    2.4.2 Prerequisites
    2.4.3 Precautions
    2.4.4 Configuration Approach
    2.4.5 Configuration Steps
    2.4.6 Result Verification
  2.5 Upgrading the Firewall Software Version from the Web Page
    2.5.1 Network Description
    2.5.2 Prerequisites
    2.5.3 Precautions
    2.5.4 Configuration Approach
    2.5.5 Configuration Steps
    2.5.6 Rebooting the Device
    2.5.7 Result Verification
  2.6 Upgrading the Software Version from the Command Line
    2.6.1 Network Description
    2.6.2 Prerequisites
    2.6.3 Precautions
    2.6.4 Configuration Approach
    2.6.5 Configuration Steps
    2.6.6 Result Verification
  2.7 Upgrading the Software Version via Conboot
    2.7.1 Network Description
    2.7.2 Prerequisites
    2.7.3 Precautions
    2.7.4 Configuration Approach
    2.7.5 Configuration Steps
    2.7.6 Result Verification

3 Basic Forwarding Typical Configuration Cases
  3.1 Feature Overview
    3.1.1 How Layer 2 and Layer 3 Forwarding Work
    3.1.2 How Security Zones Work
  3.2 Layer 2 Forwarding Configuration Case
    3.2.1 Network Description
    3.2.2 Prerequisites
    3.2.3 Precautions
    3.2.4 Configuration Approach
    3.2.5 Configuration Steps
    3.2.6 Result Verification
  3.3 Layer 3 Forwarding Configuration Case
    3.3.1 Network Description
    3.3.2 Prerequisites
    3.3.3 Precautions
    3.3.4 Configuration Approach
    3.3.5 Configuration Steps
    3.3.6 Result Verification

4 Packet Filtering Typical Configuration Cases
  4.1 Feature Overview
  4.2 Layer 2 Packet Filtering Configuration Case
    4.2.1 Network Description
    4.2.2 Prerequisites
    4.2.3 Configuration Approach
    4.2.4 Configuration Steps
    4.2.5 Result Verification
  4.3 Port-Based Packet Filtering Configuration Case
    4.3.1 Network Description
    4.3.2 Prerequisites
    4.3.3 Precautions
    4.3.4 Configuration Approach
    4.3.5 Configuration Steps
    4.3.6 Result Verification
  4.4 Application-Based Packet Filtering Configuration Case
    4.4.1 Network Description
    4.4.2 Prerequisites
    4.4.3 Precautions
    4.4.4 Configuration Approach
    4.4.5 Configuration Steps
    4.4.6 Result Verification
  4.5 Comprehensive Packet Filtering Configuration Case
    4.5.1 Network Description
    4.5.2 Prerequisites
    4.5.3 Precautions
    4.5.4 Configuration Approach
    4.5.5 Configuration Steps
    4.5.6 Result Verification

5 NAT Typical Configuration Cases
  5.1 Feature Overview
  5.2 Source NAT Configuration Case
    5.2.1 Network Description
    5.2.2 Prerequisites
    5.2.3 Precautions
    5.2.4 Configuration Approach
    5.2.5 Configuration Steps
    5.2.6 Result Verification
  5.3 Destination NAT Configuration Case
    5.3.1 Network Description
    5.3.2 Prerequisites
    5.3.3 Precautions
    5.3.4 Configuration Approach
    5.3.5 Configuration Steps
    5.3.6 Result Verification
  5.4 One-to-One NAT Configuration Case
    5.4.1 Network Description
    5.4.2 Prerequisites
    5.4.3 Precautions
    5.4.4 Configuration Approach
    5.4.5 Configuration Steps
    5.4.6 Result Verification
  5.5 Static Port Block NAT Configuration Case (Box-Type)
    5.5.1 Network Description
    5.5.2 Prerequisites
    5.5.3 Precautions
    5.5.4 Configuration Approach
    5.5.5 Configuration Steps
    5.5.6 Result Verification
  5.6 Static Port Block NAT Configuration Case (Chassis-Type)
    5.6.1 Network Description
    5.6.2 Prerequisites
    5.6.3 Precautions
    5.6.4 Configuration Approach
    5.6.5 Configuration Steps
    5.6.6 Result Verification
  5.7 Dynamic Port Block NAT Configuration Case (Chassis-Type)
    5.7.1 Network Description
    5.7.2 Prerequisites
    5.7.3 Precautions
    5.7.4 Configuration Approach
    5.7.5 Configuration Steps
    5.7.6 Result Verification
  5.8 NAT Tracing Typical Configuration
    5.8.1 Network Description
    5.8.2 Prerequisites
    5.8.3 Precautions
    5.8.4 Configuration Approach
    5.8.5 Configuration Steps
    5.8.6 Result Verification
  5.9 Comprehensive NAT Configuration Case
    5.9.1 Network Description
    5.9.2 Prerequisites
    5.9.3 Precautions
    5.9.4 Configuration Approach
    5.9.5 Configuration Steps
    5.9.6 Result Verification

6 Link Load Balancing Typical Configuration Cases
  6.1 Feature Overview
  6.2 Multi-Carrier Link Configuration Case
    6.2.1 Network Description
    6.2.2 Prerequisites
    6.2.3 Precautions
    6.2.4 Configuration Approach
    6.2.5 Configuration Steps
    6.2.6 Result Verification

7 IPSec VPN Typical Configuration Cases
  7.1 Feature Overview
  7.2 Gateway-to-Gateway Mode Typical Configuration Case
    7.2.1 Network Description
    7.2.2 Prerequisites
    7.2.3 Precautions
    7.2.4 Configuration Approach
    7.2.5 Configuration Steps
    7.2.6 Result Verification
  7.3 NAT Traversal Typical Configuration Case
    7.3.1 Network Description
    7.3.2 Prerequisites
    7.3.3 Precautions
    7.3.4 Configuration Approach
    7.3.5 Configuration Steps
    7.3.6 Result Verification
  7.4 Client Mode Configuration Case
    7.4.1 Network Description
    7.4.2 Prerequisites
    7.4.3 Precautions
    7.4.4 Configuration Approach
    Configuration Steps
    7.4.5 Result Verification
  7.5 Client Mode Third-Party Authentication Configuration Notes
    7.5.1 RADIUS Authentication: Device-Side Configuration Notes
    7.5.2 LDAP Authentication: Device-Side Configuration Notes

8 SSL VPN Typical Configuration Cases
  8.1 SSL VPN Inline Mode Configuration Case
    8.1.1 Network Description
    8.1.2 Prerequisites
    8.1.3 Precautions
    8.1.4 Configuration Approach
    8.1.5 Configuration Steps
    8.1.6 Result Verification
  8.2 SSL VPN Bypass Mode Configuration Case
    8.2.1 Network Description
    8.2.2 Prerequisites
    8.2.3 Precautions
    8.2.4 Configuration Approach
    8.2.5 Configuration Steps
    8.2.6 Result Verification
  8.3 SSL VPN iOS Client Access Configuration Case
    8.3.1 Network Description
    8.3.2 Prerequisites
    8.3.3 Precautions