HP VPN Firewall Appliances Access Control Configuration Guide

Figure 83 Network diagram
Configuration procedure
1. Create a time range named work to cover 8:00 to 18:00 on working days.
<Firewall> system-view
[Firewall] time-range work 8:0 to 18:0 working-day
2. Configure security zones:
# Create a security zone named president, and add interface GigabitEthernet 0/2 to the security zone.
[Firewall] zone name president id 10
[Firewall-zone-president] import interface gigabitethernet 0/2
[Firewall-zone-president] quit
# Create a security zone named finance, and add interface GigabitEthernet 0/3 to the security zone.
[Firewall] zone name finance id 11
[Firewall-zone-finance] import interface gigabitethernet 0/3
[Firewall-zone-finance] quit
# Create a security zone named market, and add interface GigabitEthernet 0/4 to the security zone.
[Firewall] zone name market id 12
[Firewall-zone-market] import interface gigabitethernet 0/4
[Firewall-zone-market] quit
# Create a security zone named database, and add interface GigabitEthernet 0/1 to the security zone.
[Firewall] zone name database id 13
[Firewall-zone-database] import interface gigabitethernet 0/1
[Firewall-zone-database] quit
3. Configure objects:
# Create a subnet address object named president, and add subnet IP address 192.168.1.0/24 to the object.
[Firewall] object network subnet president
[Firewall-object-network-president] subnet 192.168.1.0 0.0.0.255
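The zone and object commands entered so far can be checked offline before they are relied on in policy. The following Python script is an added example, not part of the HP guide: it parses a saved transcript of the commands above, flags a reused zone ID or an interface imported into more than one zone, and converts each wildcard mask (such as 0.0.0.255) to the prefix it represents so it can be compared with the intended subnet. The function names and the rule that a wildcard mask must be contiguous are assumptions of this example.

```python
import ipaddress
import re

# Sample input: the commands from steps 2 and 3 of this page (quit lines omitted).
TRANSCRIPT = """\
[Firewall] zone name president id 10
[Firewall-zone-president] import interface gigabitethernet 0/2
[Firewall] zone name finance id 11
[Firewall-zone-finance] import interface gigabitethernet 0/3
[Firewall] zone name market id 12
[Firewall-zone-market] import interface gigabitethernet 0/4
[Firewall] zone name database id 13
[Firewall-zone-database] import interface gigabitethernet 0/1
[Firewall] object network subnet president
[Firewall-object-network-president] subnet 192.168.1.0 0.0.0.255
"""

def wildcard_to_network(addr, wildcard):
    """Return the network for addr + wildcard mask (assumed contiguous)."""
    host = int(ipaddress.IPv4Address(wildcard))
    if host & (host + 1):  # host bits must have the form 2**k - 1
        raise ValueError(f"non-contiguous wildcard {wildcard}")
    # strict=True rejects an address that has host bits set
    return ipaddress.ip_network(f"{addr}/{32 - host.bit_length()}", strict=True)

def audit(transcript):
    """Parse the transcript; return zone IDs, interface map, subnets, problems."""
    zone_ids, iface_zone, subnets, problems = {}, {}, {}, []
    for line in transcript.splitlines():
        prompt, _, cmd = line.partition("] ")
        ctx = prompt.lstrip("[")  # e.g. Firewall-zone-finance
        if m := re.fullmatch(r"zone name (\S+) id (\d+)", cmd):
            name, zid = m.groups()
            if zid in zone_ids:
                problems.append(f"zone id {zid} reused by {name}")
            zone_ids.setdefault(zid, name)
        elif m := re.fullmatch(r"import interface (\S+ \S+)", cmd):
            zone = ctx.removeprefix("Firewall-zone-")
            iface = m.group(1).lower()
            if iface in iface_zone:
                problems.append(f"{iface} in both {iface_zone[iface]} and {zone}")
            iface_zone.setdefault(iface, zone)
        elif m := re.fullmatch(r"subnet (\S+) (\S+)", cmd):
            obj = ctx.removeprefix("Firewall-object-network-")
            try:
                subnets[obj] = wildcard_to_network(*m.groups())
            except ValueError as exc:
                problems.append(f"object {obj}: {exc}")
    return zone_ids, iface_zone, subnets, problems
```

For the commands on this page, `audit(TRANSCRIPT)` reports no problems and resolves the president object to 192.168.1.0/24.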