防火墻的安全策略

1.VLAN 2屬于辦公區;VLAN 3屬于生產區，創建時間段

[FW]ip address-set BG type object 
[FW-object-address-set-BG]address 192.168.1.0 mask 25
[FW]ip address-set SC type object 	
[FW-object-address-set-SC]address 192.168.1.129 mask 25
[FW]ip address-set OA_Server type object 
[FW-object-address-set-OA_Server]address 10.0.0.1 mask 32
[FW]ip address-set  Web_Server type object 	
[FW-object-address-set-Web_Server]address 10.0.0.2 mask 32
[FW]time-range working_time
[FW-time-range-working_time]period-range 08:00:00 to 18:00:00 working-day
[FW]time-range update_time
[FW-time-range-update_time]period-range 10:00:00 to 11:00:00 Mon

2、辦公區PC在工作日時間(周一至周五，早8到晚6)可以正常訪問0A server，其他時間不允許?

?3，辦公區PC可以在任意時刻訪問wed server,生產區PC可以在任意時刻訪問0A Server，但是不能訪問web server

[FW]security-policy 
[FW-policy-security]rule name policy_2	
[FW-policy-security-rule-policy_2]description BG to Web
[FW-policy-security-rule-policy_2]source-zone trust 
[FW-policy-security-rule-policy_2]destination-zone dmz 
[FW-policy-security-rule-policy_2]source-address address-set BG
[FW-policy-security-rule-policy_2]destination-address address-set Web_Server
[FW-policy-security-rule-policy_2]action permit
[FW]security-policy 
[FW-policy-security]rule name policy_3
[FW-policy-security-rule-policy_3]description SC to OA
[FW-policy-security-rule-policy_3]source-zone trust 
[FW-policy-security-rule-policy_3]destination-zone dmz 
[FW-policy-security-rule-policy_3]source-address address-set  SC	
[FW-policy-security-rule-policy_3]destination-address address-set OA_Server 
[FW-policy-security-rule-policy_3]action permit

?5、特例:生產區PC3可以在每周一早10到早11訪問Web server，用來更新企業最新產品信息?

[FW]security-policy 
[FW-policy-security]rule name policy_4
[FW-policy-security-rule-policy_4]description SC to Web_Server
[FW-policy-security-rule-policy_4]source-zone trust 
[FW-policy-security-rule-policy_4]destination-zone dmz
[FW-policy-security-rule-policy_4]source-address address-set SC
[FW-policy-security-rule-policy_4]destination-address address-set Web_Server 
[FW-policy-security-rule-policy_4]time-range update_time
[FW-policy-security-rule-policy_4]action permit

pc1ping網關測通

pc1pingOA與web

本文來自互聯網用戶投稿，該文觀點僅代表作者本人，不代表本站立場。本站僅提供信息存儲空間服務，不擁有所有權，不承擔相關法律責任。
如若轉載，請注明出處：http://www.pswp.cn/web/68058.shtml
繁體地址，請注明出處：http://hk.pswp.cn/web/68058.shtml
英文地址，請注明出處：http://en.pswp.cn/web/68058.shtml

如若內容造成侵權/違法違規/事實不符，請聯系多彩編程網進行投訴反饋email:809451989@qq.com，一經查實，立即刪除！