- Foundry Router User Guide
Security Features
June 2004 © 2004 Foundry Networks, Inc. 15 - 51
Step 1:Configure the Ethernet interfaces and the WAN interfaces with IP addresses:
Step 2: Create the security zones CORP and DMZ and attach interfaces:
Step 3: Verify that the interfaces are attached to the security zones:
Step 4: Create policies for Security Zone CORP that:
• Allow all outgoing traffic (with firewall policy priority 1024)
• Deny all incoming traffic (with firewall policy priority 1021)
• Create an object of type http-filter to block java traffic
• Modify policy 1024 to pat all outgoing traffic using public IP 193.168.94.220
• Modify policy 1024 to add a java HTTP filter.
Foundry/configure# interface ethernet 0
Configuring existing Ethernet interface
Foundry/configure/interface/ethernet 0# ip address 10.2.1.1 24
Foundry/configure/interface/ethernet 0# exit
Foundry/configure# interface ethernet 1
Configuring existing Ethernet interface
Foundry/configure/interface/ethernet 1# ip address 10.3.1.1 24
Foundry/configure/interface/ethernet 1# exit
Foundry/configure# interface bundle wan
Foundry/configure/interface/bundle wan# link t1 1
Foundry/configure/interface/bundle wan# encapsulation p
Foundry/configure/interface/bundle wan# ip address 193.168.94.220 24
Foundry/configure/interface/bundle wan# exit
Foundry/configure# firewall corp
Foundry/configure/firewall corp# interface ethernet0
Foundry/configure/firewall corp# exit
Foundry/configure# firewall dmz
Foundry/configure/firewall dmz# interface ethernet1
Foundry/configure/firewall dmz# exit
Foundry/configure# firewall internet
Foundry/configure/firewall internet# interface wan
Foundry/configure/firewall internet# exit 2
Foundry/configure# show firewall interface all
Interface Map Name
--------- --------
ethernet0 corp
ethernet1 dmz
wan internet