【Ejemplo de uso compartido】Aplicación de firewalls en el Campus Egress Security Solution-S

79 0 0 0

Verificación


Cuando los usuarios en el campus acceden a la extranet, GE1 / 0/1 reenvía el tráfico destinado a la red educativa, GE1 / 0/2 reenvía el tráfico destinado a la red ISP1 y el tráfico destinado a la red ISP2 reenvía GE1 / 0/3.

GE1 / 0/1 reenvía el tráfico destinado a los servidores de otros campus y el tráfico de acceso a la red de los usuarios en la biblioteca.

Compruebe la configuración y actualización de la base de datos de firmas IPS.

# Ejecute el comandodisplay update configurationpara verificar la información de actualización de la base de datos de firmas IPS.

[sysname]display update configuration

Update Configuration Information:                                              

------------------------------------------------------------                   

 Update Server              : sec.huawei.com                                 

 Update Port                : 80                                             

 Proxy State                : disable                                        

 Proxy Server               : -                                              

 Proxy Port                 : -                                              

 Proxy User                 : -                                              

 Proxy Password             : -                                              

 IPS-SDB:                                                                     

   Application Confirmation : Disable                                        

   Schedule Update          : Enable                                         

   Schedule Update Frequency : Daily                                          

   Schedule Update Time     : 02:30                                          

 AV-SDB:               

   Application Confirmation : Disable                                        

   Schedule Update          : Enable                                         

   Schedule Update Frequency : Daily                                          

   Schedule Update Time     : 02:30                                          

 SA-SDB:                                                                      

   Application Confirmation : Disable                                        

   Schedule Update          : Enable                                         

   Schedule Update Frequency : Daily                                          

   Schedule Update Time     : 02:30                                          

 IP-REPUTATION:                                                           

   Application Confirmation : Disable                                        

   Schedule Update          : Enable                                         

   Schedule Update Frequency : Daily                                          

   Schedule Update Time     : 02:30                                          

 CNC:                                                                         

   Application Confirmation : Disable                                        

   Schedule Update          : Enable                                         

   Schedule Update Frequency : Daily                                          

Schedule Update Time     : 02:30        

Ejecute el comandodisplay firewall server-mappara verificar las entradas de server-map generadas por el balanceo de carga del servidor.

[sysname]display firewall server-map slb

Current Total Server-map : 3                                                  

Type: SLB, ANY -> 3.3.113.113[grp1/1], Zone:---, protocol:---              

Vpn: public -> public                                                         

Type: SLB, ANY -> 2.2.112.112[grp1/1], Zone:---, protocol:---              

Vpn: public -> public                                                         

Type: SLB, ANY -> 1.1.111.111[grp1/1], Zone:---, protocol:---              

Vpn: public -> public        

Ejecute el comandodisplay firewall server-mappara verificar las entradas de server-map generadas por la función del servidor NAT.

[sysname]display firewall server-map nat-server

Current Total Server-map : 12                                                 

Type: Nat Server, ANY -> 1.1.15.15[10.1.10.20], Zone: edu_zone , protocol:--

-                                                                              

Vpn: public -> public                                                         

                                                                               

Type: Nat Server, ANY -> 2.2.15.15[10.1.10.20], Zone: isp1_zone , protocol:-

--                                                                             

Vpn: public -> public                                                         

                                                                               

Type: Nat Server, ANY -> 2.2.16.16[10.1.10.20], Zone: isp1_zone , protocol:-

--                                                                             

Vpn: public -> public                                                         

                                                                               

Type: Nat Server, ANY -> 2.2.17.17[10.1.10.20], Zone: isp1_zone , protocol:-

--                                                                             

Vpn: public -> public                                                         

                                                                               

Type: Nat Server, ANY -> 3.3.15.15[10.1.10.20], Zone: isp2_zone , protocol:-

--                                                                             

Vpn: public -> public                                                         

                                                                               

Type: Nat Server, ANY -> 3.3.16.16[10.1.10.20], Zone: isp2_zone , protocol:-

--                                                                             

Vpn: public -> public                                                         

                                                                               

Type: Nat Server, ANY -> 1.1.101.101[10.1.10.30], Zone: edu_zone , protocol:

---                                                                            

Vpn: public -> public                                                         

                                                                               

Type: Nat Server, ANY -> 2.2.102.102[10.1.10.30], Zone: isp1_zone , protocol

:---                                                                           

Vpn: public -> public                                                         

                                                                               

Type: Nat Server, ANY -> 2.2.103.103[10.1.10.30], Zone: isp1_zone , protocol

:---                                                                           

Vpn: public -> public                                                         

                                                                               

Type: Nat Server, ANY -> 2.2.104.104[10.1.10.30], Zone: isp1_zone , protocol

:---                                                                           

Vpn: public -> public                                                         

                                                                               

Type: Nat Server, ANY -> 3.3.102.102[10.1.10.30], Zone: isp2_zone , protocol

:---                                                                           

Vpn: public -> public                                                         

                                                                               

Type: Nat Server, ANY -> 3.3.103.103[10.1.10.30], Zone: isp2_zone , protocol

:---                                                                           

Vpn: public -> public                                                         

                                                                               

Type: Nat Server Reverse, 10.1.10.20[3.3.16.16] -> ANY, Zone: isp2_zone , pr

otocol:---                                                                     

Vpn: public -> public, counter: 1                                            

                                                                               

Type: Nat Server Reverse, 10.1.10.20[3.3.15.15] -> ANY, Zone: isp2_zone , pr

otocol:---                                                                     

Vpn: public -> public, counter: 1                                            

                                                                               

Type: Nat Server Reverse, 10.1.10.20[2.2.17.17] -> ANY, Zone: isp1_zone , pr

otocol:---                                                                     

Vpn: public -> public, counter: 1                                            

                                                                               

Type: Nat Server Reverse, 10.1.10.20[2.2.16.16] -> ANY, Zone: isp1_zone , pr

otocol:---                                                                     

Vpn: public -> public, counter: 1                                            

                                                                               

Type: Nat Server Reverse, 10.1.10.20[2.2.15.15] -> ANY, Zone: isp1_zone , pr

otocol:---                                                                     

Vpn: public -> public, counter: 1                                            

                                                                               

Type: Nat Server Reverse, 10.1.10.20[1.1.15.15] -> ANY, Zone: edu_zone , pro

tocol:---                                                                      

Vpn: public -> public, counter: 1                                            

                                                                               

Type: Nat Server Reverse, 10.1.10.30[3.3.103.103] -> ANY, Zone: isp2_zone , 

protocol:---                                                                   

Vpn: public -> public, counter: 1                                            

                                                                               

Type: Nat Server Reverse, 10.1.10.30[3.3.102.102] -> ANY, Zone: isp2_zone , 

protocol:---                                                                   

Vpn: public -> public, counter: 1                                            

                                                                               

Type: Nat Server Reverse, 10.1.10.30[2.2.104.104] -> ANY, Zone: isp1_zone , 

protocol:---                                                                   

Vpn: public -> public, counter: 1                                            

                                                                               

Type: Nat Server Reverse, 10.1.10.30[2.2.103.103] -> ANY, Zone: isp1_zone , 

protocol:---                                                                   

Vpn: public -> public, counter: 1                                            

                                                                               

Type: Nat Server Reverse, 10.1.10.30[2.2.102.102] -> ANY, Zone: isp1_zone , 

protocol:---                                                                   

Vpn: public -> public, counter: 1                                            

                                                                               

Type: Nat Server Reverse, 10.1.10.30[1.1.101.101] -> ANY, Zone: edu_zone , p

rotocol:---                                                                    

Vpn: public -> public, counter: 1  

Compruebe los registros de sesión en la eSight.              

This post was last edited by Luis_Cazares at 2019-01-28 15:06.
  • x
  • convención:

Responder

Responder
Debe iniciar sesión para responder la publicación Inicio de sesi | Registrarse

Aviso: Para garantizar sus legítimos derechos e intereses, la comunidad y los terceros no publicarán contenido que pueda generar riesgos legales a las partes, por ejemplo, pornografía, contenido político, contenido sobre juego, consumo y tráfico de drogas, así como contenido que viole los derechos de propiedad intelectual de terceros, por ejemplo, secretos comerciales, marcas, derechos de autor, patentes y privacidad personal. No comparta su cuenta ni su contraseña con terceros. Todas las operaciones realizadas usando su cuenta se considerarán como sus acciones y todas las consecuencias que estas acciones generen serán responsabilidad suya. Para obtener información detallada, consulte la “ Política de privacidad.”
Si el botón para adjuntar no está disponible, actualice Adobe Flash Player con la versión más reciente

¡Ingresa y disfruta de todos los beneficios para los miembros!

Aterrizaje
Respuesta rápida Desplácese hasta arriba