Contents

Project 1 Firewall Basics
  1.1 Background Knowledge
  1.2 Task 1: Installing the eNSP Software That Supports the Firewall Simulation Environment
  1.3 Task 2: Capturing Common TCP/IP Protocol Stack Packets with Wireshark
  Exercises
  Ideological and Political Focus: Strengthening Service Awareness

Project 2 Firewall Login Methods
  2.1 Background Knowledge
  2.2 Task 1: Logging In to the Firewall Through the Console Port
  2.3 Task 2: Logging In to the Firewall Through the Web
  2.4 Task 3: Logging In to the Firewall Through the telnet Protocol
  2.5 Task 4: Logging In to the Firewall Through the SSH Protocol
  Exercises
  Ideological and Political Focus: Actively Practicing the Core Socialist Values

Project 3 Firewall Security Policies
  3.1 Background Knowledge
  3.2 Task 1: Security Zone Division and Basic Network Configuration
  3.3 Task 2: Firewall Policy Configuration
  3.4 Task 3: Requirements Verification
  Exercises
  Ideological and Political Focus: Zero Tolerance for Corruption

Project 4 Firewall Source NAT Policies
  4.1 Background Knowledge
  4.2 Task 1: Accessing the External Network Using Easy IP
  4.3 Task 2: Accessing the External Network Using No-PAT
  4.4 Task 3: Accessing the External Network Using NAPT
  4.5 Task 4: Accessing the External Network Using Smart NAT
  4.6 Task 5: Blackhole Routes
  Exercises
  Ideological and Political Focus: Strengthening Green and Sustainable Development

Project 5 Firewall NAT server Policies
  5.1 Background Knowledge
  5.2 Task 1: Security Zone Division and Basic Network Configuration
  5.3 Task 2: Firewall Policy Configuration
  5.4 Task 3: NAT Policy Configuration
  5.5 Task 4: NAT ALG, Static Route, and Blackhole Route Configuration
  5.6 Task 5: Verification
  Exercises
  Ideological and Political Focus: Strengthening Social Responsibility

Project 6 Bidirectional NAT
  6.1 Background Knowledge
  6.2 Task 1: Interzone Bidirectional NAT (NAT inbound + NAT server)
  6.3 Task 2: Intrazone Bidirectional NAT (intrazone NAT + NAT server)
  Exercises
  Ideological and Political Focus: Perseverance and Independent Innovation

Project 7 Dual-Device Hot Standby: Active/Standby Mode
  7.1 Background Knowledge
  7.2 Task 1: Simulation Topology Design
  7.3 Task 2: Basic Configuration of Peripheral Devices
  7.4 Task 3: FW1 (master device) Configuration
  7.5 Task 4: FW2 (slave device) Configuration
  7.6 Task 5: Verification
  Exercises
  Ideological and Political Focus: Lighting Up Youth and Winning Honor for the Country

Project 8 Dual-Device Hot Standby: Load-Sharing Mode
  8.1 Background Knowledge
  8.2 Task 1: Simulation Topology Design
  8.3 Task 2: Basic Configuration of Peripheral Devices
  8.4 Task 3: FW_A Configuration
  8.5 Task 4: FW_B Configuration
  8.6 Task 5: Verification
  Exercises
  Ideological and Political Focus: Advancing the Building of a Strong Cyber Nation to Support Chinese-Style Modernization

Project 9 GRE-VPN
  9.1 Background Knowledge
  9.2 Task 1: Simulation Topology Design
  9.3 Task 2: Basic Configuration of Peripheral Devices
  9.4 Task 3: FW1 Configuration
  9.5 Task 4: FW2 Configuration
  9.6 Task 5: Requirements Verification
  Exercises
  Ideological and Political Focus: Building Dreams with Craftsmanship, Serving the Country with Skills

Project 10 L2TP-VPN
  10.1 Background Knowledge
  10.2 Task 1: Simulation Topology Design
  10.3 Task 2: Configuring Connectivity Between the Physical Host and the Firewall
  10.4 Task 3: LNS Configuration
  10.5 Task 4: Client Configuration
  10.6 Task 5: Requirements Verification
  Exercises
  Ideological and Political Focus: Strengthening Professional Competence to Support the Country's High-Quality Development

Project 11 IPSec VPN
  11.1 Background Knowledge
  11.2 Task 1: Simulation Topology Design and Configuration Approach
  11.3 Task 2: Basic Configuration of Peripheral Devices
  11.4 Task 3: FW_A Configuration
  11.5 Task 4: FW_B Configuration
  11.6 Task 5: Verification
  Exercises
  Ideological and Political Focus: Carrying Forward the Work Ethic of the New Era and Realizing Life's Value

Project 12 GRE over IPSec VPN
  12.1 Background Knowledge
  12.2 Task 1: Simulation Topology Design and Configuration Approach
  12.3 Task 2: Basic Configuration of Peripheral Devices
  12.4 Task 3: FW1 Configuration
  12.5 Task 4: FW2 Configuration
  12.6 Task 5: Requirements Verification
  Exercises
  Ideological and Political Focus: Raising Cybersecurity Awareness and Building a Strong Cybersecurity Barrier

References