Home > other >  HCL IP security policy - jump out this command
HCL IP security policy - jump out this command

Time:09-17


-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
1. Project topology
Security zone configuration as shown in figure 1-1,



PcA IP: 192.168.0.100/24 FW IP 192.168.0.1 G1/0/1/24 interface
FIG. 1-1 safety area configuration
2. The project practice environment for
A firewall SecPath, a PC (HCL) is added to select the host software,
Job configuration firewall makes two hosts each
(1) in figure 1-1, configure host IP address, name and a firewall configuration interface IP address,
Become []
[H3C] sysname FW//configure the firewall name
(FW)

Configuration interface IP address
(FW) interface GigabitEthernet1/0/1//into the interface view
The IP address 192.168.. 1 255.255.255.0
The quit
//disp current - configuration interface GigabitEthernet 1/0/1 the command to view the corresponding interface configuration information,

(2) the configure security area,
Display area of a firewall:

(FW) disp security zone//view security domain command
Name: Local
Members:
None

Name: Trust
Members:
None

Name: the DMZ
Members:
None

Name: Untrust
Members:
None

Name: Management
Members:



To add 1/0 configuration interface G/1 Management area:

(FW) security - zone into safe domain name Management//view
The import interface GigabitEthernet1/0/1
The quit
(3) verify connectivity:
PCA piing FW
Ping 192.168.0.1
View the results not

Why not? We have a look at the current configuration will be found that the default rules without t,
(4) the default rules and changes to security policy again to verify connectivity,
(FW) security policy IP//into the security policy view
Rule 1 name guanli//guanli defined rules, 1 for ID, have uniqueness,
The action pass//action as defined by the
The source - zone Management//define the source security domain
Destination - zone Local//define target security domain
The quit


Verify connectivity:
PCA piing FW
Ping 192.168.0.1


* -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --


I'll do it according to the case but no IP security policy - this command, which is my problem

Page link:https//www.codepudding.com/other/7403.html

Prev:Different network segment equipment without switches, routers can be exchanged
Next:How to use single chip timing control LED
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding