NetEngine AR V300R019 Configuration Guide - Security (CLI)
Checking the Firewall Configuration
Procedure
- Run the display firewall zone [ zone-name ] [ interface | priority ] command to view the configuration of all security zones or a specified security zone.
- Run the display firewall interzone [ zone-name1 zone-name2 ] command to view interzone information.
- Run the display firewall blacklist configuration command to check whether the firewall blacklist function is enabled.
- Run the display firewall blacklist { all | ip-address [ vpn-instance vpn-instance-name ] | dynamic | static | vpn-instance vpn-instance-name } command to view firewall blacklist entries.
- Run the display firewall whitelist { all | ip-address [ vpn-instance vpn-instance-name ] | vpn-instance vpn-instance-name } command to view firewall whitelist entries.
- Run the display firewall statistics system [ normal all | defend ] command to view system-level firewall traffic statistics.
- Run the display firewall statistics zone zone-name { inzone | outzone } all command to view traffic statistics and monitoring information for a security zone.
- Run the display firewall statistics zone-ip zone-name command to check whether traffic monitoring is enabled in the specified zone and to view the monitoring thresholds configured for each protocol.
- Run the display firewall-nat session aging-time command to view the aging time of session table entries on the firewall device.
- Run the display port-mapping [ dns | ftp | http | rtsp | sip | port port-number | pptp ] command to view the mappings between the specified application-layer protocols and ports.
- Run the display firewall defend { flag | { icmp-flood | syn-flood | udp-flood } [ ip [ ip-address [ vpn-instance vpn-instance-name ] ] | zone [ zone-name ] ] | other-attack-type } command to view whether each attack defense function is enabled and how it is configured.
- Run the display firewall log configuration command to view the global configuration of firewall logs.
- Run one of the following commands to view the firewall session table:
  - display firewall session { all [ verbose ] | number }
  - display firewall session protocol { protocol-number | protocol-name } [ source source-address [ source-port ] ] [ destination destination-address [ destination-port ] ] [ verbose ]
  - display firewall session destination destination-address [ destination-port ] [ verbose ]
  - display firewall session source source-address [ source-port ] [ destination destination-address [ destination-port ] ] [ verbose ]
- Run one of the following commands to view the IPv6 firewall session table:
  - display firewall ipv6 session { all [ verbose ] | number }
  - display firewall ipv6 session protocol { protocol-number | protocol-name } [ source source-address [ source-port ] ] [ destination destination-address [ destination-port ] ] [ verbose ]
  - display firewall ipv6 session destination destination-address [ destination-port ] [ verbose ]
  - display firewall ipv6 session source source-address [ source-port ] [ destination destination-address [ destination-port ] ] [ verbose ]
- Run the display firewall app { servermap | session } table statistics command to view statistics about firewall application-layer table entries.
- Run the display firewall app session table [ application-protocol { dns | ftp | http | pptp | rtsp | sip } ] [ source-ip ip-address [ port-number ] ] [ destination-ip ip-address [ port-number ] ] command to view the application-layer session table.
- Run one of the following commands to view the session table:
  - display session { all [ verbose ] | number }
  - display session destination destination-address [ destination-port ] [ verbose ]
  - display session source source-address [ source-port ] [ destination destination-address [ destination-port ] ] [ verbose ]
  - display session protocol { protocol-number | protocol-name } [ source source-address [ source-port ] ] [ destination destination-address [ destination-port ] ] [ verbose ]
Document ID: EDOC1100112417