Cookbook Configuration
Allow Intra-zone Communication: Select whether the IP addresses in the security zone are allowed for intra-zone
communication.
3. Global Policy Configuration
The global access policy controls whether intra-zone communication is allowed, whether communication between
security zones of the same priority is allowed, whether a log is generated when connections are established and
canceled after the security zone policy is matched, and whether a log is generated when a packet is discarded
for violating the security zone access policy.
The global policy takes priority over the default access policy.
Procedure
(1) Choose Firewall > Security Zone Config > Global Policy Config.
(2) Select the configuration items as required and click Save.
4. Zone Policy Configuration
The zone policy function controls whether inter-domain communication is allowed.
When a packet reaches the device, the device identifies the source security zone and the destination security
zone of the packet based on the packet characteristics. If the source security zone differs from the destination
security zone, the access is inter-domain and the packet is forwarded according to the zone policy. If no zone
policy is configured, the packet is processed according to the global policy or the default access policy. If the
source security zone is the same as the destination security zone, the access is intra-domain and the packet is
processed according to the security zone configuration.
The zone policy depends on the security zone creation mode. If the creation mode is switched from the
interface-based mode to the IP-based mode, the zone policy page switches to the IP-based security zone policy
configuration page, and the existing zone policy becomes invalid and is deleted. The same applies when switching
in the other direction.
Priority decreases in this order: zone policy, global policy, default access policy.
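The lookup order described above can be modeled as follows. This is an added example, not taken from the product or its documentation, and it reports which layer decides a flow so that zone pairs relying on an implicit layer can be reviewed. Assumptions: zone priorities are integers, a zone policy is keyed by an ordered (source, destination) zone pair, the global policy decides same-priority zone pairs, and the default access policy is reduced to one boolean because this section does not describe its rule; all names and sample values are constructed.

```python
from dataclasses import dataclass, field
from itertools import permutations

@dataclass
class ZoneModel:
    """Constructed model of the settings named in this section (not the device's config format)."""
    iface_zone: dict        # interface -> security zone (interface-based mode)
    priority: dict          # zone -> priority value (assumed to be an integer)
    intra_allowed: dict     # zone -> "Allow Intra-zone Communication" setting
    zone_policy: dict = field(default_factory=dict)  # (src zone, dst zone) -> allow?
    global_same_priority: bool = False  # global policy: allow same-priority zones?
    default_allow: bool = False         # stand-in for the default access policy (assumption)

def decide(m, in_if, out_if):
    """Return (deciding layer, allowed) for a packet entering in_if and leaving out_if."""
    try:
        src, dst = m.iface_zone[in_if], m.iface_zone[out_if]
    except KeyError as e:
        raise ValueError(f"interface {e.args[0]!r} is not in any security zone") from None
    if src == dst:                      # intra-domain access: zone configuration decides
        return "zone-config", m.intra_allowed[src]
    if (src, dst) in m.zone_policy:     # inter-domain access: zone policy has top priority
        return "zone-policy", m.zone_policy[(src, dst)]
    if m.priority[src] == m.priority[dst]:
        return "global-policy", m.global_same_priority
    return "default-policy", m.default_allow

def implicit_pairs(m):
    """Ordered zone pairs with no zone policy, i.e. decided by a lower-priority layer."""
    zones = sorted(set(m.iface_zone.values()))
    return [(s, d) for s, d in permutations(zones, 2) if (s, d) not in m.zone_policy]

# Constructed sample: three zones, one explicit zone policy.
SAMPLE = ZoneModel(
    iface_zone={"Gi0/0": "trust", "Gi0/1": "trust", "Gi0/2": "dmz", "Gi0/3": "guest"},
    priority={"trust": 80, "dmz": 50, "guest": 50},
    intra_allowed={"trust": True, "dmz": False, "guest": False},
    zone_policy={("trust", "dmz"): True},
)

if __name__ == "__main__":
    for pair in [("Gi0/0", "Gi0/1"), ("Gi0/0", "Gi0/2"), ("Gi0/2", "Gi0/3"), ("Gi0/3", "Gi0/0")]:
        print(pair, decide(SAMPLE, *pair))
    print("no explicit zone policy:", implicit_pairs(SAMPLE))
```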
Creating an Interface-based security zone policy
The interface-based security zone policy is not configured by default.
Prerequisite
Select the Interface mode for security zone policy configuration.
Procedure