1. Create VLAN 11 for managing the firewall.
interface Vlanif11 ip address 220.127.116.11 255.255.255.0
2. Create a virtual firewall and assign VLAN 11 to the virtual firewall.
vlan 11 binding vpn-instance vfw1
3. Configure the gateway of the virtual firewall.
ip route-static vpn-instance vfw1 0.0.0.0 0.0.0.0 18.104.22.168
In transparent mode, the firewall can be managed only through VLANIF interfaces. However, all PCs used Lay3_switch as the gateway. Therefore, the packets from the PCs passed through the firewall twice, first through Lay2_switch and then through Lay3_switch. Therefore, the access was blocked. Therefore, the management VLAN must be assigned to the virtual firewall so that a session can be established when the packets pass through the firewall the second time.