Web: Example for Accessing the Internet in Transparent Mode

Networking Requirements

As shown in Figure 1, the service interfaces of the FW all need to work at Layer 2 and be added to VLAN 10. Intranet users need to access the Internet through the FW in Layer 2 mode.

Figure 1 Networking diagram of accessing the Internet in transparent mode

Configuration Roadmap

  1. Configure interfaces and complete basic network configurations.
  2. Configure a security policy so that intranet PCs can access the Internet.

Procedure

  1. Complete basic network configurations.

    1. Choose Network > Interface.

    2. Click GE0/0/3, set the parameters as follows, and click OK.

      Zone               trust
      Mode               Switching
      Connection Type    Access
      Access VLAN ID     10

    3. Repeat the preceding steps to configure GE0/0/1.

      Zone               untrust
      Mode               Switching
      Connection Type    Access
      Access VLAN ID     10

  2. Configure a security policy so that intranet PCs can access the Internet. You are advised to configure refined security policies based on the actual networking.
    1. Choose Policy > Security Policy > Security Policy.
    2. In Security Policy List, click Add Security Policy and configure a security policy based on the following parameter values.

      Name                sec_policy_1
      Source Zone         trust
      Destination Zone    untrust
      Action              Permit

    3. Click OK.

Verification

Check whether intranet PCs can access the Internet through the FW. If so, the configuration is successful. If the PCs fail to access the Internet, modify the configuration and try again.

Configuration Script

#                                                                             
interface                  
 portswitch
 port link-type access
 port default vlan 10
#                                                                               
interface                  
 portswitch
 port link-type access
 port default vlan 10
#                                                                               
firewall zone trust                                                             
 set priority 85                                                                
 add interface             
#                                                                               
firewall zone untrust                                                           
 set priority 5                                                                 
 add interface            
#                                                                               
security-policy                                                                 
  rule name policy_sec_1                                                        
    source-zone trust                                                           
    destination-zone untrust                                                    
    source-address 10.3.0.0 24                                                  
    action permit                  
#                                                                               
return
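
The following is an added example, not part of the original Huawei page: a Python check over the security-policy section of a configuration script in the format shown above. It lists permit rules that match on zones only, which is the case the procedure's advice to configure refined security policies addresses. The sample configuration is constructed, and treating source-address, destination-address and service as the narrowing conditions is an assumption of this example.

```python
# Constructed sample: the first rule mirrors the page's script, the
# second mirrors the zone-only policy entered in the web UI steps.
SAMPLE_CONFIG = """\
#
security-policy
  rule name policy_sec_1
    source-zone trust
    destination-zone untrust
    source-address 10.3.0.0 24
    action permit
  rule name sec_policy_1
    source-zone trust
    destination-zone untrust
    action permit
#
return
"""

# Assumption of this example: these conditions narrow a rule beyond its zone pair.
NARROWING = {"source-address", "destination-address", "service"}


def parse_rules(config):
    """Return {rule name: [(keyword, rest), ...]} from the security-policy view."""
    rules, current, in_policy = {}, None, False
    for raw in config.splitlines():
        line = raw.strip()
        if line == "security-policy":
            in_policy = True
        elif line == "#" or not raw.startswith(" "):
            in_policy, current = False, None  # '#' or a top-level line ends the view
        elif in_policy and line.startswith("rule name "):
            current = rules.setdefault(line[len("rule name "):], [])
        elif in_policy and current is not None:
            keyword, _, rest = line.partition(" ")
            current.append((keyword, rest))
    return rules


def audit(config):
    """Return the names of permit rules that match on zones only."""
    findings = []
    for name, items in parse_rules(config).items():
        keywords = {keyword for keyword, _ in items}
        if ("action", "permit") in items and not keywords & NARROWING:
            findings.append(name)
    return findings

print(audit(SAMPLE_CONFIG))
```
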
Copyright © Huawei Technologies Co., Ltd.