F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Access Control Configuration Guide-6PW100
4. Enter interzone policy rule view.
   Command: rule [ rule-id ] { deny | permit } [ content-filter policy-template-name | logging | time-range time-range-name ] *
   Remarks: N/A

5. Reference a source IP object in the interzone policy rule.
   Command: source-ip sour-ip-obj-name
   Remarks: By default, no source IP object is referenced in an interzone policy rule.
   NOTE: The source IP object can be any_address.

6. Reference a destination IP object in the interzone policy rule.
   Command: destination-ip dest-ip-obj-name
   Remarks: By default, no destination IP object is referenced in an interzone policy rule.
   NOTE: The destination IP object can be any_address.

7. Reference a service object in the interzone policy rule.
   Command: service service-obj-name
   Remarks: By default, no service object is referenced in an interzone policy rule.
   NOTE: The service object can be any_service.

8. Reference a source MAC object in the interzone policy rule.
   Command: source-mac sour-mac-obj-name
   Remarks: Optional. By default, no source MAC object is referenced in an interzone policy rule.
   NOTE: The source MAC object can be any_mac.

9. Reference a destination MAC object in the interzone policy rule.
   Command: destination-mac dest-mac-obj-name
   Remarks: Optional. By default, no destination MAC object is referenced in an interzone policy rule.
   NOTE: The destination MAC object can be any_mac.

Enabling an interzone policy rule

1. Enter system view.
   Command: system-view
   Remarks: N/A

2. Enter VD system view.
   Command: switchto vd vd-name
   Remarks: Required for a VD.

3. Enter interzone instance view.
   Command: interzone source source-zone-name destination destination-zone-name
   Remarks: N/A

4. Enter interzone policy rule view.
   Command: rule [ rule-id ] { deny | permit } [ content-filter policy-template-name | logging | time-range time-range-name ] *
   Remarks: N/A

5. Enable the interzone policy rule.
   Command: rule enable
   Remarks: By default, an interzone policy rule is disabled.
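
Because a rule is disabled until rule enable is entered, a saved configuration can hold rules that look complete but never take effect. The following audit script is an added example, not part of the HP guide. It flags such rules, and also flags enabled permit rules that reference any_address and any_service in all three positions. The indented configuration layout, the zone names and the object names are assumptions made for the sample.

```python
import re

# Constructed sample (made-up names); the indented layout is an assumed saved-config format.
SAMPLE = """\
interzone source Trust destination Untrust
 rule 0 permit logging
  source-ip lan_hosts
  destination-ip any_address
  service http_svc
  rule enable
 rule 1 permit
  source-ip any_address
  destination-ip any_address
  service any_service
  rule enable
 rule 2 deny
  source-ip guest_hosts
  destination-ip any_address
"""

INTERZONE = re.compile(r"interzone source (\S+) destination (\S+)$")
RULE = re.compile(r"rule (\d+) (deny|permit)\b")
ANY = {"source-ip": "any_address", "destination-ip": "any_address", "service": "any_service"}

def parse_rules(text):
    rules, zones, cur = [], None, None
    for raw in filter(str.strip, text.splitlines()):
        line = raw.strip()
        key, _, value = line.partition(" ")
        if not raw[0].isspace():  # unindented line starts a new top-level section
            m = INTERZONE.match(line)
            zones, cur = (m.groups() if m else None), None
        elif zones and (m := RULE.match(line)):
            cur = {"zones": zones, "id": int(m[1]), "action": m[2], "enabled": False, "refs": {}}
            rules.append(cur)
        elif cur is not None and line == "rule enable":
            cur["enabled"] = True
        elif cur is not None and key in ANY:
            cur["refs"][key] = value.strip()
    return rules

def audit(text):
    findings = []  # tuples of (source zone, destination zone, rule id, finding)
    for r in parse_rules(text):
        if not r["enabled"]:  # rules stay disabled until "rule enable" is configured
            findings.append((*r["zones"], r["id"], "configured but not enabled"))
        elif r["action"] == "permit" and r["refs"] == ANY:
            findings.append((*r["zones"], r["id"], "enabled permit with any_address/any_service"))
    return findings
```

Run audit() on the text of a saved configuration; adjust the two regular expressions if the device writes interzone rules in a different layout.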