Clavister E7 CLI 配置手册.doc

Clavister E7 CLI 配置手册 Written by suntengfei  1 部署环境 公司有一 Clavister E7 台防火墙,内网口 G1 连接二层交换机,交换机有两个 VLAN,分别是 VLAN7 与 VLAN8。外网口 G2 为 ADSL 线路。 VLAN ID 作用 7 客户端 8 服务器 注：E7 默认情况下 1 号口为管理口，IP 地址为 ，帐号密码为 admin。 2 防火墙配置 命令参考 允许远程接入 Device:/ set RemoteManagement RemoteMgmtHTTP rmgmt_http Network=management_net Interface=If2 添加主机 Device:/ add Address IP4Address www_srv1 Address=6 添加网络 Device:/ add Address IP4Address wwwsrvnet Address=/24 VLAN接口命令 Device:/ add Interface VLAN VLAN10 Ethernet=lan IP=vlan10_ip Network=all-nets VLANID=10 PPOE接口 Device:/ add Interface PPPoETunnel PPPoEClient EthernetInterface=wan Network=all-nets Username=exampleuser Password=examplepw 添加静态路由 Change the context to be the routing table: Device:/ cc RoutingTable main Add the route: Device:/main add Route Interface=wan Network=all-nets Gateway=isp_gw_ip 添加防火墙策 Device:/ add IPRule 略 Action=Allow Service=http SourceInterface=lan  SourceNetwork=lan_net DestinationInterface=wan DestinationNetwork=all-nets Name=lan_http 添加 NAT Device:/ add IPRule Action=NAT SourceInterface=lan SourceNetwork=lan_net DestinationInterface=wan DestinationNetwork=all-nets Service=http NATAction=UseInterfaceAddress Name=NAT_HTTP 应用新的配置 Device:/ activate Device:/ commit 接口配置 内网口配置 由于 G1内网口要承载两个 VLAN，二层交换机与 G1通过 Trunk互联。 Device:/ add Interface vlan vlan7 Ethernet=g1 IP=53 Network=/24 VLANID=7 /配置 VLAN7到防火墙的 G1口 Device:/ add Interface vlan vlan8 Ethernet=g1 IP=54 Network=/24 VLANID=8 /配置 VLAN8到防火墙的 G1口 查看接口配置 Device:/ show Interface DefaultInterface Name Comments ---- -------- any empty core empty Ethernet Name IP Network Default Gatew ay DHCP Enabled ---- ------------------------ ------------- ------------- -- ------------  G1 InterfaceAddresses/G1_ip InterfaceA... InterfaceAdd. .. No G2 InterfaceAddresses/G2_ip InterfaceA... empty No G3 InterfaceAddresses/G3_ip InterfaceA... empty No GESW InterfaceAddresses/GE... InterfaceA... empty No GRETunnel (Empty) InterfaceGroup Name Members ------- ------- WANZone G1 IPsecTunnel (Empty)