H3C SecPath F1800-A Operation Manual page 25

Operation Manual - Getting Started
H3C SecPath F1800-A Firewall
10.2.2.254
Ethernet2/0/0 10.2.2.1
Console
PC
RS-232 serial port
Figure 2-7 Networking diagram of pinging the two devices across the SecPath
F1800-A
Step 2: Refer to the steps in
and a SecPath F1800-A"
F1800-A, between the server and the SecPath F1800-A. Here, the router belongs to
the untrust zone, and the server belongs to the DMZ zone.
Step 3: Set ACL rules through the console interface, which permits ICMP packets
from the router to the server and return packets to pass.
<SecPath> system-view
[SecPath] acl number 3105
[SecPath-acl-adv-3105] rule permit icmp source 10.1.1.254 0 destination
10.2.2.254 0
[SecPath-acl-adv-3105] rule permit icmp source 10.2.2.254 0 destination
10.1.1.254 0
Step 4: Apply the ACL rules in the inbound and outbound directions between the
untrust zone and the DMZ zone.
[SecPath] firewall interzone untrust dmz
[SecPath-interzone-dmz-untrust] packet-filter 3105 inbound
[SecPath-interzone-dmz-untrust] packet-filter 3105 outbound
Step 5: You can ping through from the router to the server and from the server to the
router.
Server
DMZ zone
SecPath
Ethernet1/0/0
10.1.1.1
2.1.2 "Configuring Successful Ping Between a Device
to complete the ping between the router and the SecPath
Chapter 2 Basic SecPath F1800-A Configuration
ping
Untrust zone
Router
10.1.1.254
1-18