F1020防火墙不通，直连都不通

1.有一台H3C F1020防火墙， 共有3个接口。G1/0/2 是接的运营商固定IP专线外网（untrust区域）G1/0/3 是接的傻瓜H3C交换机，接口IP是192.168.1.254/24 （trust区域）G1/0/4是接的一台友商9303交换机，接口IP是 10.41.0.20/24（DMZ区域），需要访问9303交换上联的10.41.0.0/16某些业务现在问题是：上网没有问题， PC通过 G1/0/3 到G1/0/2通过EASY IP转换出去上网PC访问10.41.0.0/16通过G1/0/4的EASY IP 10.41.0.20转换出去但是今天，突然出现了PC访问不了G1/0/4对端的10.41.0.0/16的情况。在防火墙上执行 带源地址ping -a 10.41.0.20 10.41.0.254不通，但是可以学到10.41.0.254的MAC地址， 显示在G1/0/4接口。求各位大神帮忙。下面是H3C防火墙配置。

dis cur # version 7.1.064, Release 9323P28 # sysname H3C F1020 # nat address-group 41 address 10.41.0.20 10.41.0.20 # nat address-group 1 name 1 address 192.168.1.20 192.168.1.200 # dhcp enable # vlan 1 # object-group ip address q   security-zone Trust 0 network host address 120.202.30.225 # object-group ip address w  network subnet 192.168.1.0 255.255.255.0 # dhcp server ip-pool GuideSecDHCPPool gateway-list 192.168.1.254 network 192.168.1.0 mask 255.255.255.0  dns-list 211.137.58.20 # interface NULL0 # interface GigabitEthernet1/0/0  port link-mode route ip address 192.168.0.1 255.255.255.0 # interface GigabitEthernet1/0/1 port link-mode route # interface GigabitEthernet1/0/2 port link-mode route description Wan ip address 120.202.30.333 255.255.255.0  dns server 211.137.58.20 nat outbound description Nat # interface GigabitEthernet1/0/3  port link-mode route description Lan ip address 192.168.1.254 255.255.255.0  undo dhcp select server # interface GigabitEthernet1/0/4  port link-mode route ip address 10.41.0.20 255.255.255.0  nat outbound 2000 address-group 41  undo dhcp select server # i security-zone name Trust import interface GigabitEthernet1/0/3 # security-zone name DMZ import interface GigabitEthernet1/0/4 # security-zone name Untrust import interface GigabitEthernet1/0/2 # security-zone name Management import interface GigabitEthernet1/0/0 # scheduler logfile size 16 # # ip route-static 0.0.0.0 0 GigabitEthernet1/0/2 120.202.30.1 ip route-static 10.41.0.0 16 GigabitEthernet1/0/4 10.41.0.254 preference 59 ip route-static 10.41.215.138 32 GigabitEthernet1/0/4 10.41.0.254 preference 59 # acl basic 2000  rule 0 permit # acl advanced 3000 # domain system # session statistics enable# ip https enable webui log enable # inspect block-source parameter-profile ips_block_default_parameter # inspect block-source parameter-profile url_block_default_parameter # inspect redirect parameter-profile av_redirect_default_parameter# inspect redirect parameter-profile ips_redirect_default_parameter # inspect redirect parameter-profile url_redirect_default_parameter # security-policy ip rule 2 name test  action pass counting enable  rule 1 name GuideSecPolicy  action pass counting enable source-zone Trust  source-zone Local  destination-zone Untrust destination-zone DMZ  destination-zone Local  destination-zone Trust