Packet filtering is disabled after USG2100(V100R005) changing the 3 layer interface to 2 layer

Publication Date:  2012-09-13 Views:  151 Downloads:  0
Issue Description
USG2100(V100R005) changed the 3 layer interface to 2 layer, accede to untrust area, accede internal network 2 layer interface to trust area, accede the two interfaces to the same VLAN, all the packet filtering is forbidden.
PC1----trust   firewall   untrust----PC2
PC1 can communicate with PC2 too.
Alarm Information
Handling Process
Forbid all the packet filtering, don’t accede interface to the area. PC1 can communicate with PC2, data is not processed by CPU. Shutdown the overall fast forwarding, PC1 cannot ping PC2, the command is: undo l2fwdfast enable.
Root Cause
Open the fast forwarding function overall, packets do not pass over packet filtering by soft packet. (switch board card is not controlled by packet filtering )
The feature of new version relates to the packets processing flow.