#
object-group ip address 192.168.44.1
 0 network host address 192.168.44.1
#
#
object-policy ip Trust-any-192.168.44.1
 rule 5 drop source-ip 192.168.44.1
#
#
zone-pair security source Trust destination Any
 object-policy apply ip Trust-any-192.168.44.1
 packet-filter 2000
#
zone-pair security source Trust destination Untrust
 packet-filter 2000
#
#
acl basic 2000
 rule 0 permit
#
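After the configuration above was applied on site, 192.168.44.1 could still access 1.1.1.2 normally, which was not the expected result.
In inter-zone policies, any has the lowest priority.
Traffic from trust to untrust matched zone-pair security source Trust destination Untrust first, rather than any.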
#
zone-pair security source Trust destination Any
 packet-filter 2000
#
zone-pair security source Trust destination Untrust
 object-policy apply ip Trust-any-192.168.44.1
 packet-filter 2000
#
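An added example, not part of the original case and not an H3C tool: a Python check that parses zone-pair blocks and flags an object policy applied only on a zone pair containing Any while a specific zone pair it covers does not carry it. It assumes only what the case states (a zone pair containing any is matched last); the sample is the first configuration above, and the function names are hypothetical.

```python
import re

# Constructed sample: zone-pair section of the first configuration on this page.
SAMPLE = """\
zone-pair security source Trust destination Any
 object-policy apply ip Trust-any-192.168.44.1
 packet-filter 2000
#
zone-pair security source Trust destination Untrust
 packet-filter 2000
#
"""

ZP = re.compile(r"^zone-pair security source (\S+) destination (\S+)", re.I)
OP = re.compile(r"^object-policy apply ip (\S+)", re.I)

def parse_zone_pairs(config):
    """Return {(source_zone, destination_zone): [applied object-policy names]}."""
    pairs, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = ZP.match(line)
        if m:
            current = (m.group(1), m.group(2))
            pairs.setdefault(current, [])
        elif line == "#":          # '#' closes the current configuration view
            current = None
        elif current and (m := OP.match(line)):
            pairs[current].append(m.group(1))
    return pairs

def shadowed_policies(config):
    """List (policy, any_pair, specific_pair) for every object policy that sits
    on a zone pair containing Any but is missing from a fully specific zone
    pair covered by it. Assumption from the case: the specific pair wins."""
    pairs = parse_zone_pairs(config)
    findings = []
    for (src, dst), policies in pairs.items():
        if "any" not in (src.lower(), dst.lower()):
            continue
        for (s2, d2), applied in pairs.items():
            if "any" in (s2.lower(), d2.lower()):
                continue           # compare only against fully specific pairs
            if src.lower() in ("any", s2.lower()) and dst.lower() in ("any", d2.lower()):
                findings += [(p, (src, dst), (s2, d2)) for p in policies if p not in applied]
    return findings

if __name__ == "__main__":
    for policy, any_pair, specific in shadowed_policies(SAMPLE):
        print(f"{policy} on {any_pair} is bypassed by traffic matching {specific}")
```

Run against the corrected configuration, the check returns no findings because the drop policy is applied on the Trust to Untrust zone pair itself.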