FAQ: L3 Virtual Firewall in 5 easy steps

Publication Date: 2013-05-01
Issue Description
Eudemon 200E version V300R001
Alarm Information
none
Handling Process
1. Create virtual firewall vf1

[Eudemon] ip vpn-instance vf1

[Eudemon-vpn-vf1] route-distinguisher 100:1

[Eudemon-vpn-vf1]quit

 

2. Bind inside interfaces and outside interface to virtual firewall

[Eudemon]interface gi0/0/0    \\ LAN interface

[Eudemon-GigabitEthernet0/0/0]ip binding vpn-instance vf1   \\ bind the interface to the virtual firewall first, then assign the IP address

[Eudemon-GigabitEthernet0/0/0]ip add 192.168.1.1 24      \\ private addressing

[Eudemon-GigabitEthernet0/0/0]q

[Eudemon]interface gi0/0/1      \\ WAN interface

[Eudemon-GigabitEthernet0/0/1]ip binding vpn-instance vf1

[Eudemon-GigabitEthernet0/0/1]ip add 1.1.1.1 24        \\ public addressing for WAN

[Eudemon-GigabitEthernet0/0/1]q

 

3. Add interfaces to the security zones of virtual firewall vf1

[Eudemon]firewall zone vpn-instance vf1 trust

[Eudemon-zone-trust-vf1]add interface giga0/0/0          \\ LAN interface belongs to the trust zone

[Eudemon-zone-trust-vf1]q

[Eudemon]firewall zone vpn-instance vf1 untrust

[Eudemon-zone-untrust-vf1]add interface giga0/0/1          \\ WAN interface belongs to the untrust zone

[Eudemon-zone-untrust-vf1]q

 

4. Configure interzone filtering for vf1 to allow packets from the trust zone to pass to the untrust zone.

[Eudemon]policy interzone vpn-instance vf1 trust untrust outbound

[Eudemon-policy-interzone-trust-untrust-vf1-outbound]policy 0

[Eudemon-policy-interzone-trust-untrust-vf1-outbound-0]policy source 192.168.1.0 0.0.0.255

[Eudemon-policy-interzone-trust-untrust-vf1-outbound-0]action permit

[Eudemon-policy-interzone-trust-untrust-vf1-outbound-0]q

[Eudemon-policy-interzone-trust-untrust-vf1-outbound]q

 

5. Configure outbound NAT so that trust zone users access the untrust zone using addresses 1.1.1.2 to 1.1.1.4

[Eudemon]nat address-group 1 1.1.1.2 1.1.1.4 vpn-instance vf1

[Eudemon]nat-policy interzone vpn-instance vf1 trust untrust outbound

[Eudemon-nat-policy-interzone-trust-untrust-vf1-outbound]policy 0

[Eudemon-nat-policy-interzone-trust-untrust-vf1-outbound-0]policy source 192.168.1.0 0.0.0.255      \\ NAT for private LAN stations

[Eudemon-nat-policy-interzone-trust-untrust-vf1-outbound-0]action source-nat

[Eudemon-nat-policy-interzone-trust-untrust-vf1-outbound-0]address-group 1

[Eudemon-nat-policy-interzone-trust-untrust-vf1-outbound-0]q

[Eudemon-nat-policy-interzone-trust-untrust-vf1-outbound]q
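
A consistency check for the five steps above, as an added example that is not part of the original FAQ or of any Huawei tooling: it parses a prompt-stripped copy of the commands and reports interfaces addressed before binding, bound interfaces missing from the instance's zones, and policy sources that fall outside the source zone's interface subnets. The `audit` helper, the simplified line parsing and the deliberately mistyped NAT source in the sample are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed input (steps 1-5, prompts stripped); NAT source deliberately mistyped.
SAMPLE = """\
interface gi0/0/0
ip binding vpn-instance vf1
ip add 192.168.1.1 24
interface gi0/0/1
ip binding vpn-instance vf1
ip add 1.1.1.1 24
firewall zone vpn-instance vf1 trust
add interface giga0/0/0
firewall zone vpn-instance vf1 untrust
add interface giga0/0/1
policy interzone vpn-instance vf1 trust untrust outbound
policy source 192.168.1.0 0.0.0.255
nat-policy interzone vpn-instance vf1 trust untrust outbound
policy source 192.16.1.0 0.0.0.255
"""

ALPHA = re.compile(r"^[A-Za-z]+")  # assumption: one interface type, gi0/0/0 == giga0/0/0

def audit(config):
    """Hypothetical helper: consistency findings for a vpn-instance config."""
    findings, bound, nets, zoned = [], {}, {}, {}
    iface, zone, ctx = None, (None, None), ("policy", None, None)
    for w in filter(None, (line.split() for line in config.splitlines())):
        if w[0] == "interface":
            iface = ALPHA.sub("", w[1])
        elif w[:2] == ["ip", "binding"]:
            bound[iface] = w[3]
        elif w[:2] == ["ip", "add"]:
            if iface not in bound:  # page: bind first, then assign the address
                findings.append(f"{iface}: address set before vpn-instance binding")
            nets[iface] = ipaddress.ip_interface(f"{w[2]}/{w[3]}").network
        elif w[:2] == ["firewall", "zone"]:
            zone = (w[3], w[4])  # (instance, zone name)
        elif w[:2] == ["add", "interface"]:
            zoned[ALPHA.sub("", w[2])] = zone
        elif w[1:2] == ["interzone"]:
            ctx = (w[0], w[3], w[4])  # (policy kind, instance, source zone)
        elif w[:2] == ["policy", "source"]:
            src = ipaddress.ip_network(f"{w[2]}/{w[3]}")  # wildcard mask form
            if not any(src.subnet_of(n) for i, n in nets.items() if zoned.get(i) == ctx[1:]):
                findings.append(f"{ctx[0]} source {src} matches no {ctx[2]} interface in {ctx[1]}")
    findings += [f"{i}: bound to {inst} but not in one of its zones"
                 for i, inst in bound.items() if zoned.get(i, (None,))[0] != inst]
    return findings
```

Running `audit(SAMPLE)` flags the NAT policy whose source does not match the LAN subnet; with the source corrected to 192.168.1.0 it returns no findings.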
Root Cause
In order to prevent misconfiguration, I've made a summary of the steps that need to be followed when configuring an L3 virtual firewall.
Suggestions
none.
