3Com Switch 8800 Family Firewall Module Configuration and Command Reference Guide
# Configure the static route.
[secblade] ip route-static 10.0.0.0 24 30.0.0.1
# Insert the IP address and MAC address of the client PC into the address binding map.
[secblade] firewall mac-binding 202.0.0.1 00e0-fc00-0100
# Enable the address binding function.
[secblade] firewall mac-binding enable
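
The Python script below is an added example, not part of the 3Com guide or the product. It audits a saved configuration for the address binding steps shown above: malformed entries, one IP address bound to two MAC addresses, and bindings that are defined without the enable command. The sample configuration is constructed, and the script assumes that binding entries are not enforced until "firewall mac-binding enable" is configured.

```python
import ipaddress
import re

# Constructed sample configuration (not from the guide), using the guide's syntax.
SAMPLE_CONFIG = """\
ip route-static 10.0.0.0 24 30.0.0.1
firewall mac-binding 202.0.0.1 00e0-fc00-0100
firewall mac-binding 202.0.0.2 00e0-fc00-0101
firewall mac-binding 202.0.0.2 00e0-fc00-0102
firewall mac-binding 202.0.0.3 00e0-fc00-01
"""

BINDING = re.compile(r"^firewall mac-binding (\S+) (\S+)$")
MAC = re.compile(r"^[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}$")  # H-H-H notation


def audit_mac_binding(config):
    """Return a list of findings about the mac-binding lines in a config."""
    findings, bindings, enabled = [], {}, False
    for n, raw in enumerate(config.splitlines(), 1):
        # Drop a leading CLI prompt such as "[secblade]" if the text was pasted.
        line = re.sub(r"^\[[^\]]*\]\s*", "", raw.strip())
        if line == "firewall mac-binding enable":
            enabled = True
            continue
        m = BINDING.match(line)
        if not m:
            continue  # comments, routes and other commands are out of scope
        ip, mac = m.group(1), m.group(2).lower()
        try:
            ipaddress.IPv4Address(ip)
        except ValueError:
            findings.append(f"line {n}: invalid IP address {ip}")
            continue
        if not MAC.match(mac):
            findings.append(f"line {n}: invalid MAC address {mac}")
        elif bindings.setdefault(ip, mac) != mac:
            findings.append(f"line {n}: {ip} already bound to {bindings[ip]}")
    # Assumption: entries have no effect until the function is enabled.
    if bindings and not enabled:
        findings.append("bindings defined but 'firewall mac-binding enable' is missing")
    return findings


if __name__ == "__main__":
    for finding in audit_mac_binding(SAMPLE_CONFIG):
        print(finding)
```
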
Security Zone Configuration
Introduction to Security Zone
Security zones refer to the networks connected to the firewall. Four security zones
are predefined in the system: Local, Trust, Untrust and DMZ, with descending
security levels.
■ Local zone stands for the local system on the firewall.
■ Trust zone stands for the user's private network.
■ Untrust zone stands for a public or insecure network, such as the Internet.
■ DMZ (demilitarized zone) is an independent zone between the intranet and
outside networks. It belongs neither to the intranet nor to outside networks.
For example, in a network providing e-commerce services, some hosts, such as a
Web server, FTP server and mail server, are required to provide these services. To
provide better services and effectively protect the intranet, you can add these
servers to the DMZ to isolate them from the intranet. Then you can
apply different firewall policies to intranet devices and these servers.
Configuring Security Zone

Entering security zone view
Perform the following configuration in system view.
Table 106 Enter security zone view
Operation                       Command
Enter the security zone view    firewall zone zonename

Enter interzone view
Perform the following configuration in system view.
Table 107 Enter interzone view
Operation                       Command
Enter the interzone view        firewall interzone zone1 zone2

Creating security zone
Perform the following configuration in system view.