The firewall has 4 default security zones, with the following priorities:
- Local zone, priority 100
- Trust zone, priority 85
- DMZ zone, priority 50
- Untrust zone, priority 5
Priority overview
If the default zones do not meet your networking requirements, you can create security zones yourself, up to a maximum of 16 (including the 4 defaults), but a new zone's priority cannot be the same as that of an existing zone.
Every security zone except the Local zone must be associated with a specific firewall interface before it can be used; that is, you add the interface to the security zone.
Note that the system does not allow two security zones to have the same security level, and the same interface cannot belong to two different security zones.
Direction of data flow between zones:
Data flowing between security zones of different levels triggers the firewall to inspect it according to the security policy, and the administrator can set different security policies for different flow directions. Data flow between zones is divided into two directions:
Inbound: the direction in which data is transmitted from a low-level security zone to a high-level security zone;
Outbound: the direction in which data is transmitted from a high-level security zone to a low-level security zone.
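The zone rules and the inbound/outbound definition above can be checked against a planned zone layout before it is typed into the firewall. The following Python model is an added example, not vendor code or part of the original page; the class name `ZonePlan`, its method names, and any zone or interface names passed to it are hypothetical.

```python
# Added example: model of the zone rules described above (not vendor code).
MAX_ZONES = 16  # limit stated on the page, including the 4 defaults
DEFAULT_ZONES = {"local": 100, "trust": 85, "dmz": 50, "untrust": 5}


class ZonePlan:
    """Checks a planned zone layout against the rules stated on this page."""

    def __init__(self):
        self.priority = dict(DEFAULT_ZONES)  # zone name -> priority
        self.iface_zone = {}                 # interface name -> zone name

    def create_zone(self, name, priority):
        if name in self.priority:
            raise ValueError(f"zone {name!r} already exists")
        if len(self.priority) >= MAX_ZONES:
            raise ValueError(f"at most {MAX_ZONES} zones, defaults included")
        clash = [z for z, p in self.priority.items() if p == priority]
        if clash:
            raise ValueError(f"priority {priority} already used by {clash[0]!r}")
        self.priority[name] = priority

    def add_interface(self, zone, iface):
        if zone not in self.priority:
            raise ValueError(f"unknown zone {zone!r}")
        owner = self.iface_zone.get(iface)
        if owner is not None and owner != zone:
            raise ValueError(f"{iface} already belongs to zone {owner!r}")
        self.iface_zone[iface] = zone

    def unbound_zones(self):
        """Zones other than Local that have no interface yet, so are unusable."""
        bound = set(self.iface_zone.values())
        return sorted(z for z in self.priority if z != "local" and z not in bound)

    def direction(self, src, dst):
        """'inbound' = low to high priority, 'outbound' = high to low."""
        s, d = self.priority[src], self.priority[dst]
        if s == d:       # only possible when src and dst are the same zone
            return None  # the page defines direction only between zones
        return "inbound" if s < d else "outbound"
```

Running `unbound_zones()` on a finished plan lists zones that still need an interface, and `direction()` shows which policy direction a given source and destination zone pair falls under.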
Specific commands:
Create a security zone
firewall zone name zonename
Delete a security zone
undo firewall zone name zonename
Enter the security zone view
firewall zone zonename
Add an interface to the security zone
add interface interface-type interface-number
Set the security priority
set priority number