部分pix防火墙命令
部分pix防火墙命令

作者:heizi_010101 提交日期:2005-7-30 16:27:00
nameif ethernet0 outside security0
interface ethernet1 100full
ip address outside 10.0.0.1 255.255.255.0
show running-config
write terminal
write erase /*删除闪存中的配置*/
write net
name 172.16.0.2 mailserver
show names clear names
reload
show memory
show version
show ip address
show interface
show cpu usage
ping inside 192.168.21.1
nat (inside) 1 10.1.1.0 255.255.255.0
global (outside) 1 192.168.0.20-192.168.0.254
route dmz 10.0.2.0 255.255.255.0 10.0.0.1 1
static (inside,outside) 192.168.0.1 10.0.1.1
conduit permit tcp host 192.168.0.10 eq ftp any
alias (inside) 192.168.0.11 172.16.0.2 255.255.255.255
access-list out_in line 6 permit tcp any 192.168.0.0 255.255.255.0 eq 22
配置和使用对象分组
object-group network grp_id
object-group service grp_id {tcp|udp|tcp-udp}
object-group protocol grp_id
object-group imcp-type grp_id
fixup protocol ftp 2021
ip verify reverse-path interface outside
aaa-server MYTACACS protocol tacacs+
aaa-server MYTACACS (inside) host 10.0.0.2 secretkey tomeout 10
aaa authentication include any outbound 10.0.0.42 255.255.255.255 0.0.0.0 0.0.0.0 MYTACACS
virtual telnet ip_address
virtual http_ip_address [warn]
failover ip address outside 192.168.0.7
failover mac address outside 00a0.c989.e481 00a0.c969.c7f1

nameif e2 MYFAILOVER security55 /*用于故障倒置的安全接别有特别规定吗?*/
#日志日期:2005-7-30 星期六(Saturday) 晴
天涯“2016年度十大最具影响力博客”评选


登录 | 新人注册>>
输入您的评论:(不支持HTML标签)


验证码
本文所属博客:黑子的狗窝
引用地址:
© 天涯社区