
Firewall Configuration Ex-
Blackbox/configure> interface ethernet 0
Configuring existing Ethernet interface
Blackbox/configure/interface/ethernet 0> ip address 10.2.1.1 24
Blackbox/configure/interface/ethernet 0> exit
Blackbox/configure> interface ethernet 1
Configuring existing Ethernet interface
Blackbox/configure/interface/ethernet 1> ip address 10.3.1.1 24
Blackbox/configure/interface/ethernet 1> exit
Blackbox/configure> interface bundle wan
Blackbox/configure/interface/bundle wan> link t1 1
Blackbox/configure/interface/bundle wan> encapsulation p
Blackbox/configure/interface/bundle wan> ip address 193.168.94.220 24
Blackbox/configure/interface/bundle wan> exit
Step 2: Create the security zones CORP and DMZ and attach interfaces:
Blackbox/configure> firewall corp
Blackbox/configure/firewall corp> interface ethernet0
Blackbox/configure/firewall corp> exit
Blackbox/configure> firewall dmz
Blackbox/configure/firewall dmz> interface ethernet1
Blackbox/configure/firewall dmz> exit
Blackbox/configure> firewall internet
Blackbox/configure/firewall internet> interface wan
Blackbox/configure/firewall internet> exit 2
Step 3: Verify that the interfaces are attached to the security zones:
Blackbox/configure> show firewall interface all
Interface | Map Name |
ethernet0 | corp |
ethernet1 | dmz |
wan | internet |
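Added example (not from the original manual): a Python check that parses the Step 3 output and compares it with the Step 2 zone plan, so a missing or misattached interface is caught before any policy is created. The names parse_zone_table, audit_zones and EXPECTED are hypothetical, and the table format is assumed to be exactly as printed above.

```python
# Added example: audit `show firewall interface all` output against the
# intended interface-to-zone plan. All names here are hypothetical.

# Intended attachments, taken from Step 2 of this page.
EXPECTED = {"ethernet0": "corp", "ethernet1": "dmz", "wan": "internet"}

# Output copied from Step 3 of this page.
SAMPLE_OUTPUT = """\
Interface | Map Name |
ethernet0 | corp |
ethernet1 | dmz |
wan | internet |
"""


def parse_zone_table(text):
    """Return {interface: zone} parsed from the pipe-delimited table."""
    mapping = {}
    for line in text.splitlines():
        cells = [c.strip() for c in line.split("|")]
        cells = [c for c in cells if c]
        if len(cells) != 2 or cells[0].lower() == "interface":
            continue  # skip the header, blank lines and malformed rows
        iface, zone = cells
        if iface in mapping and mapping[iface] != zone:
            raise ValueError(f"{iface} listed in two zones")
        mapping[iface] = zone
    return mapping


def audit_zones(text, expected=EXPECTED):
    """Return a sorted list of findings; an empty list means the plan matches."""
    actual = parse_zone_table(text)
    findings = []
    for iface, zone in expected.items():
        if iface not in actual:
            findings.append(f"{iface}: not listed in the output (expected {zone})")
        elif actual[iface] != zone:
            findings.append(f"{iface}: in zone {actual[iface]}, expected {zone}")
    for iface in actual.keys() - expected.keys():
        findings.append(f"{iface}: attached to {actual[iface]} but not in the plan")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_zones(SAMPLE_OUTPUT) or ["all interfaces match the plan"]:
        print(finding)
```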
Step 4: Create policies for Security Zone CORP that:
- Allow all outgoing traffic (with firewall policy priority 1024)
- Deny all incoming traffic (with firewall policy priority 1021)
- Create an object of type
- Modify policy 1024 to PAT all outgoing traffic using public IP 193.168.94.220
- Modify policy 1024 to add a Java HTTP filter.