F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Access Control Configuration Guide-6PW100
99
164BConfiguring the interzone policy group
326BInterzone policy group configuration task list
Task Remarks
629H
Creating the interzone policy group Required.
630H
Enabling the interzone policy group Required.
631H
Moving an ACL in the interzone policy group Optional.
327BConfiguration prerequisites
Before configuring the interzone policy group, complete the following tasks:
• Create a VD (see System Management and Maintenance Configuration Guide).
• Configure advanced IPv4 ACLs (see "Configuring ACLs").
328BCreating the interzone policy group
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter VD system view.
switchto vd vd-name Required for a VD.
3. Create an interzone instance
and enter its view.
interzone source souce-zone-name
destination destination-zone-name
By default, no interzone instance
exists.
4. Reference an ACL to create an
interzone policy group.
rule acl [ ipv6 ] acl-number
By default, no interzone policy
group exists.
329BEnabling the interzone policy group
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter VD system view.
switchto vd vd-name Required for a VD.
3. Enter interzone instance view.
interzone source souce-zone-name
destination destination-zone-name
N/A
4. Enable the interzone policy
group.
rule acl [ ipv6 ] enable
By default, the interzone policy
group is disabled.
330BMoving an ACL in the interzone policy group
The ACLs in an interzone policy are matched in the order that they are displayed in the output from the
display this command in interzone instance view. To flexibly adjust the match order of ACLs, you can
move an ACL in the interzone policy as needed.
To move an ACL referenced by the interzone policy:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A