3Com Switch 8800 Family Firewall Module Configuration and Command Reference Guide
Attack Prevention and Packet Statistics Configuration Example 179
# Create the sub-interface.
[secblade] interface GigabitEthernet 0/0.1
[secblade-GigabitEthernet0/0.1] vlan-type dot1q vid 30
[secblade-GigabitEthernet0/0.1] ip address 30.0.0.254 24
[secblade-GigabitEthernet0/0.1] quit
[secblade] interface GigabitEthernet 0/0.2
[secblade-GigabitEthernet0/0.2] vlan-type dot1q vid 50
[secblade-GigabitEthernet0/0.2] ip address 50.0.0.254 24
[secblade-GigabitEthernet0/0.2] quit
[secblade] interface GigabitEthernet 0/0.3
[secblade-GigabitEthernet0/0.3] vlan-type dot1q vid 60
[secblade-GigabitEthernet0/0.3] ip address 60.0.0.254 24
[secblade-GigabitEthernet0/0.3] quit
# Add the sub-interface of the internal network to the trust zone.
[secblade] firewall zone trust
[secblade-zone-trust] add interface GigabitEthernet 0/0.1
[secblade-zone-trust] quit
# Add the sub-interface of the external network to the untrust zone.
[secblade] firewall zone untrust
[secblade-zone-untrust] add interface GigabitEthernet 0/0.2
[secblade-zone-untrust] quit
# Add GigabitEthernet0/0.3 sub-interface to the DMZ.
[secblade] firewall zone DMZ
[secblade-zone-DMZ] add interface GigabitEthernet 0/0.3
[secblade-zone-DMZ] quit
# Configure the static route.
[secblade] ip route-static 10.0.0.0 24 30.0.0.1
# Enter zone view.
[secblade] firewall zone trust
# Enable the outbound IP packet statistics function in the zone to perform
statistics on source addresses.
[secblade-zone-trust] statistic enable ip outzone
# Enable the inbound IP packet statistics function in the zone to perform statistics
on destination addresses.
[secblade-zone-trust] statistic enable ip inzone
# Display statistics of connections initiated from 192.168.1.3 in the trust zone to
the external zone.
<secblade> display firewall statistics ip 10.0.0.1 source-ip