eveplw

导航

防火墙虚拟化

vsys enable
vsys name A
assign interface GigabitEthernet1/0/1
vsys name B
assign interface GigabitEthernet1/0/3

int g1/0/2
ip address 192.168.2.10 255.255.255.0
service-manage ping permit
firewall zone trust
add interface GigabitEthernet1/0/2
firewall zone untrust
add interface Virtual-if0

rule name root
source-zone untrust
destination-zone trust
destination-address 192.168.2.0 mask 255.255.255.0
action permit


switch vsys A
sys
interface GigabitEthernet1/0/1
undo shutdown
ip binding vpn-instance A
ip address 192.168.1.10 255.255.255.0
service-manage ping permit
firewall zone trust
set priority 85
add interface GigabitEthernet1/0/1
add interface Virtual-if1

ip route-s 192.168.2.1 32 public

rule name P1_P3
source-zone trust
destination-zone untrust
source-address 192.168.1.0 mask 255.255.255.0
action permit


switch vsys B
sys
interface GigabitEthernet1/0/3
undo shutdown
ip binding vpn-instance B
ip address 192.168.3.10 255.255.255.0
service-manage ping permit
firewall zone trust
set priority 85
add interface GigabitEthernet1/0/3
add interface Virtual-if2

 

查看分配资源 

display resource global-resource 

resource-class a
resource-item-limit policy reserved-number 2

vsys name A 1
assign resource-class a

posted on 2022-04-06 13:45  eveplw  阅读(114)  评论(0编辑  收藏  举报