Command Manual: Security Defense

Contents

Chapter 1 Security Zone Configuration Commands
1.1 Security Zone Configuration Commands
1.1.1 add interface
1.1.2 display interzone
1.1.3 display zone
1.1.4 firewall interzone
1.1.5 firewall zone
1.1.6 set priority

Chapter 2 Basic ACL Configuration Commands
2.1 Access Control List Configuration Commands
2.1.1 acl
2.1.2 display acl
2.1.3 reset acl counter
2.1.4 rule
2.1.5 display time-range
2.1.6 time-range

Chapter 3 Security Policy Configuration Commands
3.1 Packet-Filter Firewall Configuration Commands
3.1.1 debugging firewall packet-filter
3.1.2 display firewall packet-filter default
3.1.3 firewall packet-filter default
3.1.4 packet-filter
3.2 Stateful Firewall Configuration Commands
3.2.1 debugging firewall aspf
3.2.2 detect
3.2.3 display firewall session
3.2.4 firewall session aging-time
3.2.5 reset firewall session table
3.3 Blacklist Configuration Commands
3.3.1 debugging firewall blacklist
3.3.2 display firewall blacklist
3.3.3 firewall blacklist
3.4 MAC and IP Address Binding Configuration Commands
3.4.1 debugging firewall mac-binding
3.4.2 display firewall mac-binding
3.4.3 firewall mac-binding
3.5 Port Identification Configuration Commands
3.5.1 display port-mapping
3.5.2 port-mapping

Chapter 4 NAT Configuration Commands
4.1 NAT Configuration Commands
4.1.1 debugging nat
4.1.2 display nat
4.1.3 nat address-group
4.1.4 nat outbound
4.1.5 nat server
4.1.6 nat alg

Chapter 5 Attack Defense Configuration Commands
5.1 Attack Defense Configuration Commands
5.1.1 debugging firewall defend
5.1.2 display firewall defend flag
5.1.3 firewall defend fraggle
5.1.4 firewall defend icmp-flood
5.1.5 firewall defend icmp-flood enable
5.1.6 firewall defend icmp-redirect
5.1.7 firewall defend icmp-unreachable
5.1.8 firewall defend ip-fragment
5.1.9 firewall defend ip-spoofing
5.1.10 firewall defend ip-sweep
5.1.11 firewall defend land
5.1.12 firewall defend large-icmp
5.1.13 firewall defend ping-of-death
5.1.14 firewall defend port-scan
5.1.15 firewall defend route-record
5.1.16 firewall defend smurf
5.1.17 firewall defend source-route
5.1.18 firewall defend syn-flood
5.1.19 firewall defend syn-flood enable
5.1.20 firewall defend tcp-flag
5.1.21 firewall defend teardrop
5.1.22 firewall defend tracert
5.1.23 firewall defend udp-flood
5.1.24 firewall defend udp-flood enable
5.1.25 firewall defend winnuke

Chapter 6 IDS Cooperation Configuration Commands
6.1 IDS Cooperation Configuration Commands
6.1.1 debugging firewall ids
6.1.2 display firewall ids
6.1.3 firewall ids authentication type
6.1.4 firewall ids enable
6.1.5 firewall ids port
6.1.6 firewall ids server

Chapter 7 Packet Statistics Configuration Commands
7.1 Packet Statistics Configuration Commands
7.1.1 display firewall statistic
7.1.2 firewall statistics system connect-number
7.1.3 firewall statistics system enable
7.1.4 firewall statistics system flow-percent
7.1.5 reset statistics
7.1.6 reset statistics firewall
7.1.7 statistics connect-number
7.1.8 statistics connect-speed
7.1.9 statistics enable

Chapter 8 AAA and RADIUS Protocol Configuration Commands
8.1 AAA and RADIUS Protocol Configuration Commands
8.1.1 aaa accounting-scheme optional
8.1.2 aaa accounting-scheme ppp
8.1.3 aaa authentication-scheme local-first
8.1.4 aaa authentication-scheme login
8.1.5 aaa authentication-scheme ppp
8.1.6 aaa enable
8.1.7 debugging aaa event
8.1.8 debugging aaa primitive
8.1.9 debugging radius packet
8.1.10 display aaa user
8.1.11 display local-user
8.1.12 dnis-map accounting
8.1.13 dnis-map authentication
8.1.14 dnis-map enable
8.1.15 dns primary
8.1.16 dns secondary
8.1.17 ip pool
8.1.18 isp accounting
8.1.19 isp authentication
8.1.20 isp domain
8.1.21 isp ipaddress
8.1.22 local-user callback-nocheck
8.1.23 local-user callback-number
8.1.24 local-user call-number
8.1.25 local-user ftp-directory
8.1.26 local-user level
8.1.27 local-user password
8.1.28 local-user service-type
8.1.29 radius appoint-authentication
8.1.30 radius retry
8.1.31 radius server
8.1.32 radius shared-key
8.1.33 radius timer quiet
8.1.34 radius timer realtime-accounting
8.1.35 radius timer response-timeout
8.1.36 radius-server template
8.1.37 remote address

Chapter 9 IPSec and IKE Configuration Commands
9.1 IPSec Configuration Commands
9.1.1 ah authentication-algorithm
9.1.2 debugging ipsec
9.1.3 display ipsec policy
9.1.4 display ipsec policy-template
9.1.5 display ipsec proposal
9.1.6 display ipsec sa
9.1.7 display ipsec statistics
9.1.8 encapsulation-mode
9.1.9 esp authentication-algorithm
9.1.10 esp encryption-algorithm
9.1.11 ipsec policy (interface view)
9.1.12 ipsec policy (system view)
9.1.13 ipsec policy-template
9.1.14 ipsec proposal
9.1.15 ipsec sa global-duration
9.1.16 pfs
9.1.17 proposal
9.1.18 reset ipsec sa
9.1.19 reset ipsec statistics
9.1.20 sa authentication-hex
9.1.21 sa duration
9.1.22 sa encryption-hex
9.1.23 sa spi
9.1.24 sa string-key
9.1.25 security acl
9.1.26 transform
9.1.27 tunnel local
9.1.28 tunnel remote
9.2 IKE Configuration Commands
9.2.1 authentication-algorithm
9.2.2 authentication-method
9.2.3 debugging ike
9.2.4 dh
9.2.5 display ike pre-shared-key
9.2.6 display ike proposal
9.2.7 display ike sa
9.2.8 encryption-algorithm
9.2.9 ike pre-shared-key
9.2.10 ike proposal
9.2.11 ike sa keepalive-timer interval
9.2.12 ike sa keepalive-timer timeout
9.2.13 reset ike sa
9.2.14 sa duration

Quidway Eudemon Series Firewall Command Manual (Security Defense)

Chapter 1 Security Zone Configuration Commands

1.1 Security Zone Configuration Commands

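1.1.1 add interface

【Command】

add interface interface-name interface-number

undo add interface interface-name interface-number

【View】

Security zone view

【Parameters】

interface-name: Interface name.

interface-number: Interface number.

【Description】

The add interface command adds an interface to a security zone. The undo add interface command removes an interface from a security zone.

Every security zone other than the Local zone must be associated with specific interfaces of the firewall before it is used, that is, the interfaces must be added to the zone. The interface can be either a physical interface or a logical interface.

The command can be run multiple times to assign several interfaces to a security zone. A security zone supports up to 32 interfaces.

For related configuration, see the firewall zone and display zone commands.

【Example】

# Enter the Trust zone view and add interface Ethernet0/0/0 to the Trust zone.

[Eudemon] firewall zone trust

[Eudemon-zone-trust] add interface ethernet 0/0/0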

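1.1.2 display interzone

【Command】

display interzone [ zone-name1 zone-name2 ]

【View】

All views

【Parameters】

zone-name1: Security zone name.

zone-name2: Security zone name.

【Description】

The display interzone command displays the configuration of the interzone security policy between two security zones.

If the names of the two security zones are not specified, the information for all interzones is displayed.

For related configuration, see the firewall interzone and display zone commands.

【Example】

# Display the configuration of the interzone security policy between Trust and DMZ.

[Eudemon] display interzone trust dmz

interzone trust DMZ

packet-filter 11 inbound

detect ftp

The command displays the configuration of the interzone security policy. As shown above, this interzone has a packet-filtering policy in the inbound direction that uses ACL 11 as its rule, and an ASPF stateful filtering policy is applied to the FTP protocol.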

1.1.3 display zone

【Command】

display zone [ zone-name ] [ interface | priority ]

【View】

All views

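【Parameters】

zone-name: Security zone name.

interface: Displays the interfaces that belong to the security zone.

priority: Displays the security priority of the security zone.

【Description】

The display zone command displays the configuration of a security zone, including its security priority and the interfaces that belong to it.

If no security zone name is specified, the configuration of all zones is displayed.

If neither the interface nor the priority keyword is specified, all configuration information is displayed.

For related configuration, see the firewall zone, add interface and set priority commands.

【Example】

# Display the configuration of the DMZ zone.

[Eudemon] display zone dmz

DMZ

interface of the zone is:

Ethernet3/0/0

priority is 50

As shown above, the command shows that the interface belonging to the DMZ zone is Ethernet3/0/0 and that the security priority of the DMZ zone is 50.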
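
An added example (not part of the manual): a Python check that parses display zone output in the layout shown above and flags zones that break the two constraints given under add interface, namely a zone other than Local with no interface and a zone with more than 32 interfaces. It assumes that the all-zones output repeats the single-zone block per zone and that a Local block has no interface list; the sample zones and priorities other than DMZ are constructed.

```python
import re

MAX_INTERFACES_PER_ZONE = 32  # limit stated in the add interface description

# Constructed sample. Only the DMZ block mirrors the manual's example; the other
# zones, their priorities, and the block-per-zone layout are assumptions.
SAMPLE_OUTPUT = """\
local
priority is 100
trust
interface of the zone is:
Ethernet0/0/0
priority is 85
DMZ
interface of the zone is:
Ethernet3/0/0
priority is 50
untrust
interface of the zone is:
priority is 5
"""

IFACE_HEADER = re.compile(r"^interface of the zone is\b.*:$", re.IGNORECASE)
PRIORITY = re.compile(r"^priority is (\d+)$", re.IGNORECASE)


def parse_display_zone(text):
    """Return {zone: {"priority": int|None, "interfaces": [str]}}."""
    zones, current, in_ifaces = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        prio = PRIORITY.match(line)
        if prio:
            # The priority line closes the zone block in the layout shown above.
            if current is not None:
                zones[current]["priority"] = int(prio.group(1))
            in_ifaces = False
        elif IFACE_HEADER.match(line):
            in_ifaces = current is not None
        elif in_ifaces:
            zones[current]["interfaces"].append(line)
        else:
            current = line  # any other line starts a new zone block
            zones[current] = {"priority": None, "interfaces": []}
    return zones


def audit_zones(zones):
    """Flag zones that break the constraints given for add interface."""
    findings = []
    for name, zone in zones.items():
        count = len(zone["interfaces"])
        if name.lower() != "local" and count == 0:
            findings.append((name, "no interface bound"))
        if count > MAX_INTERFACES_PER_ZONE:
            findings.append((name, f"{count} interfaces, limit is 32"))
    return findings


if __name__ == "__main__":
    for zone_name, problem in audit_zones(parse_display_zone(SAMPLE_OUTPUT)):
        print(f"{zone_name}: {problem}")
```

A zone reported with no interface bound receives no traffic, so any interzone policy that references it has no effect until an interface is added.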

1.1.4 firewall interzone

【Command】

firewall interzone zone-name1 zone-name2

【View】

System view

【Parameters】

zone-name1: Security zone name.
