文档介绍:地址池:
----20
GE 0/0/1
GE 0/0/3
GE 0/0/2
-policy-interzone-trust-untrust-outbound-1] action permit
[USG5300-policy-interzone-trust-untrust-outbound-1] quit
DMZ和Untrust域间:
policy 2:,目的端口为21的报文通过
policy 3:,目的端口为8080的报文通过
配置Untrust到DMZ域间入方向的防火墙策略。
[USG5300] policy interzone untrust dmz inbound
[USG5300-policy-interzone-dmz-untrust-inbound] policy 2
[USG5300-policy-interzone-dmz-untrust-inbound-2] policy destination 0
[USG5300-policy-interzone-dmz-untrust-inbound-2] policy service service-set ftp
[USG5300-policy-interzone-dmz-untrust-inbound-2] action permit
[USG5300-policy-interzone-dmz-untrust-inbound-2] quit
[USG5300-policy-interzone-dmz-untrust-inbound] policy 3
[USG5300-policy-interzone-dmz-untrust-inbound-3] policy destination 0
[USG5300-policy-interzone-dmz-untrust-inbound-3] policy service service-set http
[USG5300-policy-interzone-dmz-untrust-inbound-3] action permit
[USG5300-policy-interzone-dmz-untrust-inbound-3] quit
[USG5300-policy-interzone-dmz-untrust-inbound] quit
应用FTP的NAT ALG功能。
[USG5300] firewall interzone dmz untrust
[USG5300-interzone-dmz-untrust] detect ftp
[USG5300-interzone-dmz-untrust] quit
配置内部服务器:
<USG5300> system-view
[USG5300] nat server protocol tcp global 8080 inside