Huawei Firewall 6000web Interface configuration

Experiment name Huawei Firewall 6000web interface configuration

Experimental topological diagram

3. Experiment Objective: 1. Enable intranet 192.168..2.0 network segment through PAT conversion can SISU network

2. Enable intranet Client 1 to access the extranet Web server

3. Publish intranet Web server, can make the outside network Client2 can access

4. Address planning: trust:client1:192.168.2.1 255.255.255.0

Gateway 192.168.2.254

dmz:192.168.3.1 255.255.255.0

Gateway 192.168.3.254

FW1:

(Management IP): g0/0/0:192.168.0.1 255.255.255.0

g1/0/2:100.0.0.1 255.255.255.0

g1/0/0:192.168.2.254 255.255.255.0

IP address of AR1:

Untrust District: g0/0/0:100.0.0.2 255.255.255.0

g0/0/2:100.0.1.254 255.255.255.0

Server 2:100.0.1.1 255.255.255.0

gateway:100.0.1.254

client1:100.0.1.2 255.255.255.0

gateway:100.0.1.254

5. Configuration idea: First configure the boundary firewall FW1, the IP address of each zone, and the IP address of the extranet router AR1, then configure the IP address of each terminal, then configure the default route of the extranet on the boundary firewall, and Pat address conversion, So that the intranet 192.168.2.0 network segment can be Sisu network, and finally configure the intranet Web server publishing, so that the external network can access the intranet published Web server

6. Operation Procedure:

# First configure the FW1 management IP address, the default is 192.168.0.1, I changed to 192.168.0.2

# Before I do the configuration, let me just say it briefly. To configure the Web interface of the firewall, it is actually the Web interface of the router, there is an IP address, as long as you set the physical machine root it into the same network segment, you can

To visit,

# Next go to Firewall, command line interface, set password

The password must be complex, or it will not be set successfully

Then turn on web features

Web-manager Enable

# The cloud above, the simulation is the physical machine, its IP address is 192.168.0.1 and firewall in the same network segment

# Next Open Firefox, enter 192.168.0.2, go to Web interface//must be Firefox browser

As shown in the following:

# Enter the user name, password, enter the main configuration interface as shown in

# Next click on the network, configure the IP address of each port as shown in

# Configure the IP address of AR1 below

Interface g0/0/0

IP address 100.0.0.2 255.255.255.0

Undo Shutdown

Interfae G0/0/1

IP address 100.0.1.254 255.255.255.0

Undo Shutdown

# Configure IP addresses for each terminal

Client 1:

IP address 192.168.2.1 255.255.255.0

Gateway 192.168.2.254

Server-web (Intranet)

IP address 192.168.3.1 255.255.255.0

Gateway 192.168.3.254

Client 2:

IP address 100.0.1.2 255.255.255.0

Gateway 100.0.1.254

Server-web (External network)

IP address 100.0.1.1 255.255.255.0

Gateway 100.0.1.254

# All IP addresses are nearly configured, the following on the Web firewall configuration Pat address, conversion, as well as the default route to the outside network, so that the intranet 192.168.2.0 network segment, can Sisu network, and can access the extranet Web server

As shown

# as shown, modify the security policy to allow the firewall to let ICMP,HTTP,FTP traffic pass through

In order to do Pat address conversion, so that the intranet can sisu network

#以示使做默认路由, so that the intranet can Sisu network,

# Verify with test: Ping 100.0.0.2 as shown in

And

#以示说明内网可以访问外网web服务器了,

#以示说明内网已经可以上外网了

_______________________________________________________________________________________________________________ _______________________________________ End

Description: Intranet Publishing Web server, on the Web firewall did, did not succeed, so I did not write, if anyone knows how to do, please leave a message below, thank you,

Huawei Firewall 6000web Interface configuration