H3C SecPath F1800-A Operation Manual page 372

Operation Manual - Security Defence
H3C SecPath F1800-A Firewall
connections accessing the firewall device are the accessing connections to the local
zone, as shown in
The relationship is shown in
Intranet
Figure 2-1 Relationship diagram of interface, network and security zones
III. Inbound and Outbound
Data transmission between security zones in different levels will enable the firewall to
check security policy and the firewall will adopt different security policies for data
streams in different directions. Usually, data come from two directions.
Inbound: refers to the direction that data are transmitted from low-level security
zones to high-level security zones.
Outbound: refers to the direction that data are transmitted from high-level
security zones to low-level security zones.
Namely, data transmission direction on the SecPath F1800-A is determined based on
the higher-level security side. According to
Data stream transmitted from DMZ to the untrust zone is called outbound data
stream while inbound data stream contrarily.
Data stream transmitted from the trust zone to DMZ is called outbound data
stream while inbound data stream contrarily.
Data stream transmitted from the trust zone to the untrust zone is called
outbound data stream while inbound data stream contrarily.
Figure 2-1.
Figure
Ethernet
ethernet
0/0/0
Trust
outbound
inbound
Server
2-1.
inbound
outbound
SecPath
( Local )
ethernet
2/0/0
outbound
ethernet
1/0/0
Server
DMZ
Figure 2-1, you can conclude that:
6-20
Chapter 2 Security Policy
Extranet
Untrust
inbound