瑭﹂涓€(20鍒�)

闁辫畝浠ヤ笅瑾槑锛屽洖绛斿晱椤�銆�

[瑾槑]鏌愰珮鏍＄恫(w菐ng)绲�(lu貌)鎷�?f霉)娣欑鸡鑱鎵€绀猴紝鍏╂牎鍗€(q奴)鏍稿績(CORE-1锛孋ORE-2)锛屽嚭鍙ｉ槻鐏⒒(NGFW-1,NGFW-2)閫氶亷鏍″崁(q奴)闁撳厜绾滀簰鑱�(li谩n)锛岄厤缃甇SPF瀵�(sh铆)鐝�(xi脿n)鍏ㄦ牎璺敱鏀舵晥锛屾牎鍗€(q奴)鐩歌窛40km銆傚叐鏍″崁(q奴)榛樿獚(r猫n)鐢辨湰鍦板嚭鍙ｉ€�(j矛n)琛屼簰鑱�(li谩n)缍�(w菐ng)瑷晱銆�

鏂版牎鍗€(q奴)瑕�(gu墨)鍔冧互闆欐＇鏂瑰紡閮ㄧ讲IPv6缍�(w菐ng)绲�(lu貌)锛屽垎閰嶇殑IPv6鍦板潃鐐�:240C:DB8:1024::/49銆傝珛(q菒ng)灏�1Pv6缍�(w菐ng)绲�(lu貌)鍦板潃瑕�(gu墨)鍔冭〃瑁�(b菙)鍏呭畬鏁�銆�

銆愬晱椤�2銆�(4鍒�)

鐐哄(sh铆)鐝�(xi脿n)NGFW-2鑸嘚GFW-1銆丆ORE-2姝ｅ父寤虹珛OSPF閯板眳闂�(gu膩n)绯�,瀵�(sh铆)鐝�(xi脿n)璺敱鍏ㄦ敹缍�(w菐ng)绲�(lu貌)宸ョ▼甯皪(du矛)NGFW-2閫�(j矛n)琛岀浉闂�(gu膩n)閰嶇疆锛岃珛(q菒ng)瑁�(b菙)鍏呭畬鍠勪笅鍒楃敱trust鍒發ocal鐨勯厤缃€�

[NGFW-2]firewallzonetrust

[NGFW-2-zone-trust]addinterfaceGigabitEthernet0/0/1

[NGFW-2-zone-trust]addinterfaceGigabitEthernet0/0/2

[NGFW-2]security-policy

[NGFW-2-policy-security]rulenamepolicy1

[NGFW-2-policy-security-rule-policy_1]source-zonetrust

[NGFW-2-policy-security-rule-policy1]destination-zone(1)

[NGFW-2-policy-security-rule-policy1]source-address(2)

[NGFW-2-policy-security-rule-policy1]serviceprotocol(3)

[NGFW-2-policy-security-rule-policy_1]action(4)

銆愬晱椤�3銆�(4鍒�)

缍�(w菐ng)绲�(lu貌)宸ョ▼甯敹鍒版晠闅滃牨(b脿o)鍛�,鏌愮祩绔敤鎴跺彲鎴愬姛鐛插彇IP鍦板潃,姝ｅ父瑷晱鏍″収(n猫i)妤�(y猫)鍕�(w霉)锛屽嵒鐒℃硶瑷晱Internet.鍦ㄨ┎绲傜涓婅矾鐢辫窡韫ゆ脯瑭�,鍙甯歌嚦NGFW-2,浜庢槸鍦ㄧ祩绔笂閫�(j矛n)琛宲ing114.114.114.114娓│,绲�(ji茅)鏋滈’绀�“璜�(q菒ng)姹傝秴鏅�(sh铆)”锛屽悓鏅�(sh铆)鍦∟GFW-2鏌ョ湅鍒板涓嬫渻(hu矛)瑭憋細

璜�(q菒ng)鍒嗘瀽瑭叉晠闅滅殑鍘熷洜骞舵彁鍑鸿В姹烘帾鏂姐€�

闃茬伀澧荤殑G0/0/4鎺ュ彛鎸囧悜閬�(y霉n)鐕熷晢61.2.7.1鍦板潃,鑰屽収(n猫i)閮ㄥ湴鍧€娌掓湁琚玁AT杞�(zhu菐n)鎻�銆傞厤缃熀浜庢彌骞堕厤缃浉闂�(gu膩n)鏀捐绛栫暐銆�

銆愬晱椤�4銆�(3鍒�)

缍�(w菐ng)绲�(lu貌)宸ョ▼甯帴鍒版晠闅滃牨(b脿o)鍛�,鏌愮祩绔敤鎴剁恫(w菐ng)绲�(lu貌)鏅�(sh铆)閫氭檪(sh铆)鏂�,鐒℃硶姝ｅ父涓婄恫(w菐ng)銆傚湪鐢ㄦ埗绲傜涓婇€氶亷鍛戒护娓│绲�(ji茅)鏋滃涓�:

閫氶亷涓婂湒鍙互鍒ゆ柗缍�(w菐ng)绲�(lu貌)閬彈浜�(1)鏀绘搳,鐐鸿В姹鸿┎鏁呴殰,缍�(w菐ng)绲�(lu貌)宸ョ▼甯湪鐢ㄦ埗闆昏叇涓婇厤缃簡闈滄厠(t脿i)ARP缍佸畾锛屽悓鏅�(sh铆)鍦ㄨō(sh猫)鍌�(2)涓婇厤缃�(3)鍔熻兘銆�

銆愬晱椤�5銆�(6鍒�)

缍�(w菐ng)绲�(lu貌)宸ョ▼甯厤缃甆GFW-2浣滅偤SSLVPN缍�(w菐ng)闂�(gu膩n)鐐虹恫(w菐ng)绲�(lu貌)绠＄悊鍝℃彁渚涘畨鍏ㄩ仩(yu菐n)绋嬫帴鍏ワ紝鍙互闅ㄦ檪(sh铆)闅ㄥ湴灏�(du矛)鏍″湌缍�(w菐ng)鍏�(n猫i)缍�(w菐ng)绲�(lu貌)閫�(j矛n)琛岃í鍟忓拰绠＄悊銆係SLVPN鍏呭垎鍒╃敤SSL鍗�(xi茅)璀板熀浜庢暩(sh霉)瀛楄瓑鏇告彁渚涚殑瀹夊叏姗�(j墨)鍒�,鐐烘噳(y墨ng)鐢ㄥ堡涔嬮枔鐨勯€氫俊寤虹珛瀹夊叏閫ｆ帴銆�

(1)SSL鍗�(xi茅)璀板畨鍏ㄦ(j墨)鍒跺寘鎷�:()銆佹暩(sh霉)鎿�(j霉)鍔犲瘑銆�()

(2)鏁�(sh霉)鎿�(j霉)鍔犺В瀵嗙畻娉曚富瑕佸垎鐐哄皪(du矛)绋卞瘑閼扮畻娉曘€侀潪灏�(du矛)绋卞瘑閼扮畻娉�,璜�(q菒ng)绨¤鎻忚堪SSL鍗�(xi茅)璀板浣曞埄鐢ㄩ€欏叐椤炵畻娉曞(sh铆)鐝�(xi脿n)鏁�(sh霉)鎿�(j霉)鍌宠几?sh霉)鑷婥(j墨)瀵嗘€�銆�

(3)缍�(w菐ng)绲�(lu貌)宸ョ▼甯湪閰嶇疆SSLVPN涔嬪墠,闇€瑕佸悜()鐢宠珛(q菒ng)璀夋浉鏂囦欢,骞跺皣鍏朵笂鍌宠嚦NGFW-2鐨勬寚瀹氫綅缃€�

鍙冭€冭В鏋愶細

[鍟忛1]

(1) 240C:DB8:1024:1-240C:DB8:1024:1:FFFF:FFFF:FFFF

(2)51

[鍟忛2]

(1)local

(2)10.0.0.024

(3)89

(4) permit

[鍟忛3]

闃茬伀澧荤殑GO/0/4鎺ュ彛鎸囧悜閬�(y霉n)鐕熷晢61.2.7.1鍦板潃锛岃€屽収(n猫i)閮ㄥ湴鍧€娌掓湁琚玁AT杞�(zhu菐n)鎻�銆傞厤缃熀浜庢簮IP鐨凬AT杞�(zhu菐n)鎻涘苟閰嶇疆鐩搁棞(gu膩n)鏀捐绛栫暐銆�

[鍟忛4]

(1)ARP娆洪

(2) CORE2

(3)闃睞RP娆洪鏀绘搳

[鍟忛5]

(1)韬唤椹�(y脿n)璀�銆佹秷鎭畬鏁存€�

(2)鐧�(f膩)閫佹柟鍦ㄧ櫦(f膩)閫佹暩(sh霉)鎿�(j霉)鍓�,浣跨敤鍔犲瘑绠楁硶鍜屽姞瀵嗗瘑閼板皪(du矛)鏁�(sh霉)鎿�(j霉)閫�(j矛n)琛屽姞瀵�,鐒跺悗灏囨暩(sh霉)鎿�(j霉)鐧�(f膩)閫佺郸灏�(du矛)鏂�;鎺ユ敹鏂规帴鏀跺埌鏁�(sh霉)鎿�(j霉)鍚�,鍒╃敤瑙ｅ瘑绠楁硶鍜岃В瀵嗗瘑閼板緸瀵嗘枃涓嵅鍙栨槑鏂�銆傛矑鏈夎В瀵嗗瘑閼扮殑绗笁鏂�,鐒℃硶灏囧瘑鏂囨仮寰�(f霉)鐐烘槑鏂�,寰炶€屼繚璀夋暩(sh霉)鎿�(j霉)鍌宠几?sh霉)鑷婥(j墨)瀵嗘€с€�

(3)CA

浠ヤ笂灏辨槸“2024涓婂崐骞寸恫(w菐ng)绲�(lu貌)宸ョ▼甯€冭│銆婃噳(y墨ng)鐢ㄦ妧琛�(sh霉)銆嬬湡椤屽強绛旀瑙ｆ瀽锛堣│椤屼竴锛�”鐨勫収(n猫i)瀹逛簡锛屽笇鏈涙湰鏂囧皪(du矛)澶у鑳藉鏈夋墍骞姪銆傛韩棣ㄦ彁绀猴細鐐哄強鏅�(sh铆)鐛插彇2024涓婂崐骞磋粺鑰冧腑绱�(j铆)缍�(w菐ng)绲�(lu貌)宸ョ▼甯垚绺炬煡瑭㈡檪(sh铆)闁�銆佽瓑鏇搁牁(l菒ng)鍙栨檪(sh铆)闁撶瓑鐩搁棞(gu膩n)淇℃伅锛屾帹钖﹀悇浣嶈€冪敓浣跨敤 鍏嶈不(f猫i)闋�(y霉)绱勭煭淇℃彁閱�鏈嶅嫏(w霉)銆傚彟澶栵紝鏂囩珷灏鹃儴鏈夎ū澶�“绮鹃伕瑾茬▼”锛屽ぇ瀹跺彲浠ラ粸(di菐n)鎿�鍏嶈不(f猫i)闋�(l菒ng)鍙栧摝锛�