F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Access Control Configuration Guide-6PW100
Step                                    Command                                             Remarks
3. Create a security zone and enter     zone name zone-name [ id zone-id ]                  N/A
   security zone view.
4. Add an interface to the security     import interface interface-type interface-number    By default, a security zone
   zone.                                [ vlan vlan-id ]                                    contains no interface.
5. Enter interface view.                interface interface-type interface-number           N/A
6. Enable IP virtual fragment           ip virtual-reassembly [ drop-fragments |            By default, the feature is
   reassembly.                          max-fragments number | max-reassemblies number |    disabled.
                                        timeout seconds ] *
7. Display fragment information in the  display ip virtual-reassembly vd vd-name            Optional.
   security zone.                       [ zone zone-name ] [ | { begin | exclude |
                                        include } regular-expression ]
Configuration example
Network requirements
As shown in Figure 113, configure the devices as follows:
• NAT is enabled on GigabitEthernet0/2 of the firewall.
• Configure IP virtual fragment reassembly on GigabitEthernet0/2 of the firewall.
Figure 113 Network diagram
Configuration procedure
1. Assign IP addresses to the interfaces as shown in the figure. (Details not shown.)
2. Configure the host:
# Configure a route so that the Host, Firewall, and Router can communicate with each other.
(Details not shown.)
3. Configure the firewall:
# Configure NAT and IP virtual fragment reassembly.
<Firewall> system-view
[Firewall] nat static 10.1.1.1 11.2.2.3
[Firewall] interface gigabitethernet 0/2
[Firewall-GigabitEthernet0/2] nat outbound static
[Firewall-GigabitEthernet0/2] quit
# Configure IP virtual fragment reassembly.
[Firewall] zone name trust
[Firewall-zone-trust] ip virtual-reassembly