F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Access Control Configuration Guide-6PW100
[Firewall-interzone-finance-database-rule-1] rule enable
[Firewall-interzone-finance-database-rule-1] quit
[Firewall-interzone-finance-database] quit
# Create an interzone instance from source zone market to destination zone database, configure
a rule to deny access from the marketing department to the financial database server through HTTP
at any time, and enable the rule.
[Firewall] interzone source market destination database
[Firewall-interzone-market-database] rule deny
[Firewall-interzone-market-database-rule-0] source-ip market
[Firewall-interzone-market-database-rule-0] destination-ip database
[Firewall-interzone-market-database-rule-0] service web
[Firewall-interzone-market-database-rule-0] rule enable
Verifying the configuration
After the configuration is complete, verify the configuration by accessing the Web service of the financial
database server through the browser of a PC in each department.
Interzone policy group configuration example
Network requirements
A company interconnects its departments through Firewall.
Configure an interzone policy group to permit the president's office to access the financial database
server at any time, permit the financial department to access the financial database server only during
working hours (from 8:00 to 18:00) on working days, and deny all other departments access to the
financial database server at any time.
Figure 92 Network diagram
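The access matrix these requirements imply, as an added Python example (not from the HP guide) for comparing the intended policy with results recorded from a PC in each zone. The zone name president, the Monday-to-Friday meaning of working-day, and the exclusive 18:00 end are assumptions; the sample observations are constructed.

```python
from datetime import datetime, time

# Assumption: "working-day" means Monday through Friday.
WORKING_DAYS = range(0, 5)  # datetime.weekday(): Monday=0 ... Friday=4
WORK_START, WORK_END = time(8, 0), time(18, 0)

def in_work_range(ts):
    """True inside the 'work' range: 8:00 to 18:00 on working days.
    Assumption: 8:00 is included and 18:00 is excluded."""
    return ts.weekday() in WORKING_DAYS and WORK_START <= ts.time() < WORK_END

def expected_access(source_zone, ts):
    """Expected result for traffic from source_zone to the database server."""
    if source_zone == "president":   # hypothetical zone name
        return "permit"
    if source_zone == "finance":
        return "permit" if in_work_range(ts) else "deny"
    return "deny"                    # every other department, at any time

def find_mismatches(observed):
    """observed: iterable of (zone, timestamp, result) recorded during testing.
    Returns (zone, timestamp, expected, result) for each deviation."""
    bad = []
    for zone, ts, result in observed:
        want = expected_access(zone, ts)
        if result != want:
            bad.append((zone, ts, want, result))
    return bad

# Constructed sample observations (not taken from a real device).
WED_0900 = datetime(2024, 1, 10, 9, 0)   # Wednesday, working hours
WED_0759 = datetime(2024, 1, 10, 7, 59)  # Wednesday, before working hours
SAT_0900 = datetime(2024, 1, 13, 9, 0)   # Saturday
SAMPLE_OBSERVED = [
    ("president", SAT_0900, "permit"),
    ("finance", WED_0900, "permit"),
    ("finance", WED_0759, "deny"),
    ("finance", SAT_0900, "permit"),   # too permissive: time range not applied
    ("market", WED_0900, "deny"),
]

if __name__ == "__main__":
    for zone, ts, want, got in find_mismatches(SAMPLE_OBSERVED):
        print(f"{zone} at {ts:%a %H:%M}: expected {want}, observed {got}")
```

A finance permit outside the work range, as in the constructed Saturday entry, indicates a rule that is missing its time range or is shadowed by a broader permit.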
Configuration procedure
1. Create a time range named work to cover 8:00 to 18:00 on working days.
<Firewall> system-view
[Firewall] time-range work 8:0 to 18:0 working-day