Zone Configuration
Except on the first page, right running head:
Heading1 or Heading1NewPage text (automatic)
779
Alcatel-Lucent
Beta Beta
OmniAccess 5740 Unified Services Gateway CLI Configuration Guide
11. Configuring the filters matching the above scenario.
(A) Filters for Trust Zone
ALU(config)# ip filter in-trust
ALU(config-filter-in-trust)#10 match any Internet-access
permit
ALU(config-filter-in-trust)#20 match any trust-DMZ-access
permit
ALU(config-filter-in-trust)#30 match any trust-manage permit
ALU(config-filter-in-trust)#default deny
Applying this filter as "IN" filter on the un-trust Interface
ALU(config-if GigabitEthernet3/0)#ip filter in in-trust
ALU(config)# ip filter out-trust
ALU(config-filter-out-trust)#10 match any Internet-Trust
permit
ALU(config-filter-out-trust)#20 match any trust-manage
permit
ALU(config-filter-out-trust)#default deny
Applying this filter as "out" on the un-trust interface
ALU(config-if GigabitEthernet3/0)#ip filter out out-trust
B) Filters for DMZ zone
ALU(config)# ip filter DMZ-traffic
ALU(config-filter-DMZ)#match any Internet-mail-access permit
ALU(config-filter-DMZ)#match any trust-DMZ-access permit
ALU(config-filter-DMZ traffic)#default deny
Applying the filter DMZ as a "IN" filter on the DMZ interface
ALU(config-if GigabitEthernet3/1)#ip filter in DMZ-traffic
ALU(config)#ip filter DMZ-out
ALU(config-filter-DMZ-out)#10 match any DMZ-Trust permit
ALU(config-filter-DMZ-out)#default deny
Applying the filter as "out" on the DMZ interface
ALU(config-if GigabitEthernet3/1)#ip filter out DMZ-out
To Next Page
Loading...
