《防火牆項目化實戰——基於華為eNSP》是2024年清華大學出版社出版的圖書,作者是熊翌竹、李文靜、李祖猛、荊舒煬、陳帥、余振養。
基本介紹
- 中文名:防火牆項目化實戰——基於華為eNSP
- 作者:熊翌竹、李文靜、李祖猛、荊舒煬、陳帥、余振養
- 出版時間:2024年1月1日
- 出版社:清華大學出版社
- ISBN:9787302647355
- 定價:64 元
內容簡介,圖書目錄,
內容簡介
本書是基於華為eNSP 模擬仿真環境編寫的防火牆項目化教程。本書共12 個項目,包括防火牆基礎知識、防火牆登錄方式、防火牆安全策略、防火牆源NAT 策略、防火牆NAT server 策略、雙向NAT 、雙機熱備——主備模式、雙機熱備——負載分擔模式、GRE-VPN、L2TP-VPN、IPSec-VPN 和GRE over IPSec VPN。
圖書目錄
目 錄
項目1 防火牆基礎知識....................................................................1
1.1 知識引入............................................................................................1
1.2 任務1:安裝支持防火牆仿真環境的 eNSP 軟體 ..........................5
1.3 任務2:用 Wireshark 捕獲常見的TCP/IP 協定棧報文...............13
習題...........................................................................................................25
思政聚焦:增強服務意識 .......................................................................25
項目2 防火牆登錄方式..................................................................26
2.1 知識引入..........................................................................................26
2.2 任務1:通過Console 控制接口登錄防火牆................................29
2.3 任務2:通過Web 方式登錄防火牆..............................................31
2.4 任務3:通過telnet 協定登錄防火牆 ............................................39
2.5 任務4:通過SSH 協定登錄防火牆..............................................42
習題...........................................................................................................45
思政聚焦:積極踐行社會主義核心價值觀...........................................45
項目3 防火牆安全策略..................................................................47
3.1 知識引入..........................................................................................47
3.2 任務1:安全區域劃分和網路基礎配置 .......................................53
3.3 任務2:防火牆策略配置 ...............................................................58
3.4 任務3:需求驗證...........................................................................60
習題...........................................................................................................67
思政聚焦:面對腐敗零容忍...................................................................68
項目4 防火牆源NAT 策略 ...........................................................69
4.1 知識引入..........................................................................................69
4.2 任務1:用Easy IP 方式訪問外網.................................................73
4.3 任務2:用No-PAT 方式訪問外網 ................................................78
4.4 任務3:用NAPT 方式訪問外網...................................................84
4.5 任務4:用Smart NAT 方式訪問外網...........................................91
4.6 任務5:黑洞路由...........................................................................96
習題.........................................................................................................101
思政聚焦:增強綠色可持續發展.........................................................102
項目5 防火牆NAT server 策略..........................................................................103
5.1 知識引入...................................................................................................................103
5.2 任務1:安全區域劃分和網路基礎配置 ................................................................107
5.3 任務2:防火牆策略配置 ........................................................................................ 111
5.4 任務3:NAT 策略配置 ...........................................................................................112
5.5 任務4:NAT ALG 、靜態路由、黑洞路由配置 ...................................................115
5.6 任務5:驗證............................................................................................................115
習題...................................................................................................................................121
思政聚焦:增強社會責任 ................................................................................................122
項目6 雙向NAT ..................................................................................................123
6.1 知識引入...................................................................................................................124
6.2 任務1:域間雙向NAT(NAT inbound+NAT server).........................................126
6.3 任務2:域內雙向NAT (域內 NAT+NAT server)..............................................136
習題...................................................................................................................................147
思政聚焦:堅韌不拔自主創新....................................................................................147
項目7 雙機熱備——主備模式............................................................................148
7.1 知識引入...................................................................................................................149
7.2 任務1:仿真拓撲設計............................................................................................153
7.3 任務2:外圍設備基礎配置....................................................................................155
7.4 任務3:FW1(master 設備)配置........................................................................156
7.5 任務4:FW2(slave 設備)配置...........................................................................160
7.6 任務5:驗證............................................................................................................162
習題...................................................................................................................................166
思政聚焦:點亮青春為國爭光....................................................................................167
項目8 雙機熱備——負載分擔模式....................................................................168
8.1 知識引入...................................................................................................................169
8.2 任務1:仿真拓撲設計............................................................................................173
8.3 任務2:外圍設備基礎配置....................................................................................175
8.4 任務3:FW_A 配置 ................................................................................................176
8.5 任務4:FW_B 配置 ................................................................................................180
8.6 任務5:驗證............................................................................................................182
習題...................................................................................................................................187
思政聚焦:推進網路強國建設助力中國式現代化....................................................187
項目9 GRE-VPN .................................................................................................189
9.1 知識引入...................................................................................................................189
9.2 任務1:仿真拓撲設計............................................................................................195
9.3 任務2:外圍設備基礎配置....................................................................................196
9.4 任務3:FW1 配置...................................................................................................197
9.5 任務4:FW2 配置...................................................................................................200
9.6 任務5:需求驗證....................................................................................................202
習題...................................................................................................................................204
思政聚焦:匠心築夢 技能報國....................................................................................204
項目10 L2TP-VPN ..............................................................................................206
10.1 知識引入 .................................................................................................................206
10.2 任務1:仿真拓撲設計..........................................................................................213
10.3 任務2:物理機和防火牆連通配置 ......................................................................215
10.4 任務3:LNS 配置 .................................................................................................217
10.5 任務4:客戶端配置 ..............................................................................................220
10.6 任務5:需求驗證..................................................................................................223
習題...................................................................................................................................225
思政聚焦:夯實職業素養助力國家高質量發展 ........................................................225
項目11 IPSec VPN...............................................................................................227
11.1 知識引入 .................................................................................................................227
11.2 任務1:仿真拓撲設計和配置思路 ......................................................................232
11.3 任務2:外圍設備基礎配置 ..................................................................................233
11.4 任務3:FW_A 配置 ..............................................................................................235
11.5 任務4:FW_B 配置 ..............................................................................................238
11.6 任務5:驗證 ..........................................................................................................242
習題...................................................................................................................................245
思政聚焦:弘揚新時代勞動精神實現人生價值 ........................................................245
項目12 GRE over IPSec VPN ............................................................................247
12.1 知識引入 .................................................................................................................247
12.2 任務1:仿真拓撲設計和配置思路 ......................................................................249
12.3 任務2:外圍設備基礎配置..................................................................................250
12.4 任務3:FW1 配置 .................................................................................................251
12.5 任務4:FW2 配置 .................................................................................................255
12.6 任務5:需求驗證..................................................................................................259
習題...................................................................................................................................262
思政聚焦:增強網路安全意識築牢網路安全螢幕障....................................................262
參考文獻...................................................................................................................264
