测试手册(H3C NGFW)
Copyright ?2015杭州华三通信技术有限公司版权所有,保留一切权利。
非经本公司书面许可,任何单位和个人不得擅自摘抄、复制本文档内容的部分或全部,并不得以任何形式传播。本文档中的信息可能变动,恕不另行通知。
目录
T01设备自身安全性 ····································································································· 2 T02访问控制 ············································································································ 13 T03 NAT功能 ············································································································ 25 T04日志功能 ············································································································ 32 T05可靠性 ··············································································································· 37 T06虚拟化功能 ········································································································· 49 T07 Flood攻击防御功能 ······························································································ 63 T08特征库升级 ········································································································· 67 T09 IPS攻击防护功能 ································································································· 69 T10攻击防护响应方式 ································································································ 86 T11 IPS自定义攻击 ···································································································· 95 T12带宽管理功能 ······································································································ 97 T13数据过滤功能 ···································································································· 125 T14文件过滤 ·········································································································· 144 T15 URL分类过滤功能 ······························································································ 147 T16病毒防御 ·········································································································· 168 T17链路负载均衡(更详细内容参考链路负载均衡测试手册) ············································ 185 T18服务器负载均衡(更详细内容参考服务器负载均衡测试手册) ······································ 187 T19性能测试 ·········································································································· 187
i
H3C NGFW测试用例
T01 设备自身安全性
T01-01 设备安全登录
测试分组 测试项目 设备自身安全性 设备安全登录 10.1.1.1/2410.1.1.2/24测试拓扑 PCFW 测试目的 支持HTTPS、SSH管理 (1) PC作为SSH Client,FW作为SSH Server;PC作为Web登录的Client,FW作为Web Server; (2) 在设备上使能https服务; (3) 首先在FW上生成本地密钥对; 测试步骤 (4) 在FW上配置用户登录验证方式为scheme; (5) 在FW上使能ssh server enable,并配置一个用户名为ssh,登录方式为stelnet; (6) 配置本地用户名ssh,密码123456,服务类型ssh; (7) 在PC上运行支持SSH的客户端软件(如putty),以用户名ssh,密码123456,登录FW。 FW: 放行接口所在域到local和local到接口所在域的域间策略 SSH配置 public-key local create rsa public-key local create dsa line vty 0 63 authentication-mode scheme 参考配置 protocol inbound ssh ssh user ssh service-type stelnet authentication-type password local-user ssh service-type ssh password simple 123456 authorization-attribute user-role network-admin ssh server enable Web配置 2018-01-08
H3C机密,未经许可不得扩散 第2页, 共197页
ip http enable ip https enable H3C NGFW测试用例 local-user web class manage password simple 123456 service-type http https authorization-attribute user-role network-admin 预期结果 测试准备 测试说明 用sshv2作为用户名通过SSH密码认证方式登录成功,用web作为用户名进行https登录成功。 防火墙,PC domain system下需为默认配置 SSH登录过程: (1) 使用SSH方式登录设备,PC地址为1.1.1.2,FW的gi1/0/0为1.1.1.1,三层可达; 测试结果 2018-01-08
H3C机密,未经许可不得扩散 第3页, 共197页
相关推荐:
loading