Example For Configuring The Acl-Based Packet Filtering Firewall - Huawei S9700 Series Configuration Manual

S9700 Core Routing Switch
Configuration Guide - SPU
2 Firewall Configuration
Issue 01 (2012-03-15)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.

2.15.1 Example for Configuring the ACL-based Packet Filtering Firewall

This example shows the application of the ACL-based packet filtering firewall on a network. The firewall filters packets according to the source/destination IP addresses and source/destination port numbers of packets. In this way, the security of the packets is improved.

Networking Requirements

As shown in Figure 2-2, Eth-Trunk0.1 of the SPU is connected to an internal network with high security, and Eth-Trunk0.2 is connected to the external network with low security. The SPU must filter the communication packets between the internal network and the external network. The requirements are as follows:

- A host (202.39.2.3) on the external network is allowed to access the server in the internal network.
- Other hosts are not allowed to access the server on the internal network.

The SPU is installed in slot 5 of the S9700.

Figure 2-2 Networking of ACL-based packet filtering
[Figure labels: Internal network with FTP server 129.38.1.2, Telnet server 129.38.1.3 and Web server 129.38.1.4; Switch; VLAN 10; Eth-Trunk0.1; XGE5/0/0; XGE5/0/1; Eth-Trunk0.2; VLAN 20; GE1/0/10; GE1/0/11; host 202.39.2.3]

Configuration Roadmap

The configuration roadmap is as follows:

1. Import flows from the S9700 to the SPU.
2. Configure zones and the interzone.
3. Add interfaces to the zones.
4. Configure an ACL.
5. Configure ACL-based packet filtering in the interzone.

Procedure

Step 1 Import flows from the S9700 to the SPU.
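
The policy stated under Networking Requirements can be checked offline before it is applied to the device. The Python model below is an added example, not part of the Huawei manual and not device syntax. Assumptions: the rule tuple layout, top-down first-match evaluation with a default deny, and the probe addresses 202.39.2.4 and 198.51.100.7; the remaining addresses come from Figure 2-2.

```python
from ipaddress import ip_address, ip_network

# Addresses taken from Figure 2-2 on this page.
ALLOWED_HOST = ip_address("202.39.2.3")
SERVERS = {
    "ftp": ip_address("129.38.1.2"),
    "telnet": ip_address("129.38.1.3"),
    "web": ip_address("129.38.1.4"),
}
ANY = ip_network("0.0.0.0/0")

# Hypothetical rule layout (not device syntax): (action, source, destination).
# Assumptions: rules are checked top-down, the first match wins, and a packet
# from the external network that matches no rule is denied.
INTENDED = [("permit", ip_network("202.39.2.3/32"), ip_network(f"{ip}/32"))
            for ip in SERVERS.values()] + [("deny", ANY, ANY)]
# The same rules with the catch-all deny moved to the top (a common mistake).
MISORDERED = [INTENDED[-1]] + INTENDED[:-1]

# Constructed probe sources: the allowed host, its neighbour, an unrelated host.
PROBES = [ip_address(a) for a in ("202.39.2.3", "202.39.2.4", "198.51.100.7")]


def evaluate(rules, src, dst, default="deny"):
    """Return the action of the first rule matching src -> dst."""
    for action, src_net, dst_net in rules:
        if src in src_net and dst in dst_net:
            return action
    return default


def audit(rules, probes=PROBES):
    """List (src, server, expected, got) for every probe the rules get wrong."""
    failures = []
    for src in probes:
        expected = "permit" if src == ALLOWED_HOST else "deny"
        for name, dst in SERVERS.items():
            got = evaluate(rules, src, dst)
            if got != expected:
                failures.append((str(src), name, expected, got))
    return failures


def shadowed(rules):
    """Indexes of rules an earlier, broader rule makes unreachable."""
    return [i for i, (_, s, d) in enumerate(rules)
            if any(s.subnet_of(ps) and d.subnet_of(pd) for _, ps, pd in rules[:i])]


if __name__ == "__main__":
    for label, rules in (("intended", INTENDED), ("misordered", MISORDERED)):
        print(label, "failures:", audit(rules), "shadowed:", shadowed(rules))
```

An empty audit result together with an empty shadowed list means the rule set meets both requirements and contains no unreachable rule.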
