
FAQ: L3 Virtual Firewall in 5 easy steps

Publication Date: 2013-05-01

Issue Description

Eudemon 200E version V300R001

Alarm Information


Handling Process

1. Create virtual firewall vf1

[Eudemon] ip vpn-instance vf1

[Eudemon-vpn-vf1] route-distinguisher 100:1



2. Bind inside interfaces and outside interface to virtual firewall

[Eudemon]interface gi0/0/0    \\ LAN interface

[Eudemon-GigabitEthernet0/0/0]ip binding vpn-instance vf1   \\ bind the interface to the virtual firewall first, then assign the IP address

[Eudemon-GigabitEthernet0/0/0]ip add 24      \\ private addressing

[Eudemon]interface gi0/0/1      \\ WAN interface

[Eudemon-GigabitEthernet0/0/1]ip binding vpn-instance vf1

[Eudemon-GigabitEthernet0/0/1]ip add 24        \\ public addressing for WAN



3. Add interfaces to the security zones of virtual firewall vf1

[Eudemon]firewall zone vpn-instance vf1 trust

[Eudemon-zone-trust-vf1]add interface giga0/0/0          \\ LAN interface belongs to the trust zone


[Eudemon]firewall zone vpn-instance vf1 untrust

[Eudemon-zone-untrust-vf1]add interface giga0/0/1          \\ WAN interface belongs to the untrust zone



4. Configure interzone filtering for vf1 to allow packets from trust zone to pass to untrust zone.

[Eudemon]policy interzone vpn-instance vf1 trust untrust outbound

[Eudemon-policy-interzone-trust-untrust-vf1-outbound]policy 0

[Eudemon-policy-interzone-trust-untrust-vf1-outbound-0]policy source

[Eudemon-policy-interzone-trust-untrust-vf1-outbound-0]action permit




5. Configure NAT outbound to permit trust zone users to access untrust zone using to address

[Eudemon]nat address-group 1 vpn-instance vf1

[Eudemon]nat-policy interzone vpn-instance vf1 trust untrust outbound

[Eudemon-nat-policy-interzone-trust-untrust-vf1-outbound]policy 0

[Eudemon-nat-policy-interzone-trust-untrust-vf1-outbound-0]policy source      \\ NAT for private LAN stations

[Eudemon-nat-policy-interzone-trust-untrust-vf1-outbound-0]action source-nat

[Eudemon-nat-policy-interzone-trust-untrust-vf1-outbound-0]address-group 1



Root Cause

In order to prevent misconfiguration, I've made a summary of what steps need to be followed when configuring an L3 virtual firewall.
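
The ordering rule in step 2 (bind the interface first, then assign the address) and the zone membership from step 3 can be checked mechanically against a saved command transcript. The Python check below is an added example, not part of the original FAQ or any Huawei tool; it assumes a transcript in the "[view]command" form used above, identifies interfaces by their slot numbers only, and uses a constructed sample with placeholder addresses.

```python
import re

# Constructed sample in the page's "[view]command" form; addresses are placeholders.
SAMPLE = """\
[Eudemon] ip vpn-instance vf1
[Eudemon]interface gi0/0/0
[Eudemon-GigabitEthernet0/0/0]ip add 10.1.1.1 24
[Eudemon-GigabitEthernet0/0/0]ip binding vpn-instance vf1
[Eudemon]interface gi0/0/1
[Eudemon-GigabitEthernet0/0/1]ip binding vpn-instance vf1
[Eudemon-GigabitEthernet0/0/1]ip add 192.0.2.1 24
[Eudemon]firewall zone vpn-instance vf1 trust
[Eudemon-zone-trust-vf1]add interface giga0/0/0
"""

LINE = re.compile(r"^\[([^\]]+)\]\s*(.*?)\s*(?:\\\\.*)?$")  # [view] command, optional "\\ comment"
PORT = re.compile(r"(\d+/\d+/\d+)")  # matches gi0/0/0, giga0/0/0, GigabitEthernet0/0/0

def lint(transcript):
    """Return sorted findings for steps 1-3 of the procedure above."""
    instances, bound, addressed, zoned = set(), {}, set(), {}
    findings, zone_vf = [], None
    for raw in transcript.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        view, cmd = m.groups()
        port = PORT.search(view)
        key = port.group(1) if port else None  # set only inside an interface view
        if cmd.startswith("ip vpn-instance "):  # step 1: instance created
            instances.add(cmd.split()[2])
        elif cmd.startswith("firewall zone vpn-instance "):
            zone_vf = cmd.split()[3]  # following zone view belongs to this instance
        elif key and cmd.startswith("ip binding vpn-instance "):
            bound[key] = vf = cmd.split()[3]
            if vf not in instances:
                findings.append(f"{key}: bound to undefined instance {vf}")
            if key in addressed:  # step 2 ordering rule violated
                findings.append(f"{key}: address assigned before binding")
        elif key and cmd.startswith("ip add"):
            addressed.add(key)
        elif "-zone-" in view and cmd.startswith("add interface "):
            p = PORT.search(cmd)
            if p:
                zoned[p.group(1)] = zone_vf
    for key, vf in bound.items():  # step 3: zone must be in the same instance
        if zoned.get(key) != vf:
            findings.append(f"{key}: not in a security zone of {vf}")
    return sorted(findings)
```

Calling `lint(SAMPLE)` reports the interface whose address was entered before the binding and the bound interface that was never added to a zone of vf1; a transcript that follows steps 1 to 3 in order returns an empty list.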