您好,登錄后才能下訂單哦!
就是策略路由
1) 創(chuàng)建routing-instance(SP1,SP2),instance-type為fowarding
edit routing-instance [SP1] instance-type forwading
set routing-options static route 0/0 nex-hop 202.100.1.1
edit routing-instance [SP2] instance-type forwading
set routing-options static route 0/0 nex-hop 202.100.2.1
2)創(chuàng)建firewall filter
edit friewall filter [Inside1] term [1]
set from source-address 10.1.1.0/24
set then routing-instance SP1
set term [Default-Permit-All] then accept
set firewall filter [Inside1] term [1] from source-address 10.1.1.0/24
set firewall filter [Inside1] term [1] from source-port xxxx
set firewall filter [Inside1] term [1] destination-address x.x.x.x/x
set firewall filter [Inside1] term [1] destination-port xxxx
set firewall filter [Inside1] term [1] then routing-instance SP1
set firewall filter [Inside1] term [Default-Permit] then accept
edit firewall filter [Inside2] term [2]
set from source-address
set then routing-instance SP2
set term [Default-Permit-All] then accept
3)接口 調(diào)用filter
set interface ge-0/0/2.0 family inet filter input Inside1
set interfaes ge-0/0/3.0 family inet filter input Inside2
4)合并路由表
run show route //查看全局路由表中,是沒有前面定義的routing-instance中的路由的
show routing-instances
edit routing-options
set interface-routes rib-group inet [Policy-Routing]
edit rib-groups [Policy-Routing]
set import-rib [inet.0 SP1.inet.0 SP2.inet.0]
run show route //查看合并后的路由表
5)創(chuàng)建Zone間策略:Security Policis(放行流量Inside1->Outside;Inside2->Outside)
set security policies from-zone Inside1 to-zone Outside policy Default-Permit-All
set match source-address any
set match destination-address any
set match application any
set then permit
set security policies from-zone Inside2 to-zone Outside policy Default-Permit-All
set match sourc-address any
set match destination-address any
set match application-address any
set then permit
#show security policies
#run show security flow session
免責(zé)聲明:本站發(fā)布的內(nèi)容(圖片、視頻和文字)以原創(chuàng)、轉(zhuǎn)載和分享為主,文章觀點(diǎn)不代表本網(wǎng)站立場(chǎng),如果涉及侵權(quán)請(qǐng)聯(lián)系站長(zhǎng)郵箱:is@yisu.com進(jìn)行舉報(bào),并提供相關(guān)證據(jù),一經(jīng)查實(shí),將立刻刪除涉嫌侵權(quán)內(nèi)容。