Security Features
Step 1: Configure the Ethernet interfaces and the WAN interfaces with IP addresses:
Foundry/configure# interface ethernet 0
Configuring existing Ethernet interface
Foundry/configure/interface/ethernet 0# ip address 10.2.1.1 24
Foundry/configure/interface/ethernet 0# exit
Foundry/configure# interface ethernet 1
Configuring existing Ethernet interface
Foundry/configure/interface/ethernet 1# ip address 10.3.1.1 24
Foundry/configure/interface/ethernet 1# exit
Foundry/configure# interface bundle wan
Foundry/configure/interface/bundle wan# link t1 1
Foundry/configure/interface/bundle wan# encapsulation p
Foundry/configure/interface/bundle wan# ip address 193.168.94.220 24
Foundry/configure/interface/bundle wan# exit
Step 2: Create the security zones CORP and DMZ and attach interfaces:
Foundry/configure# firewall corp
Foundry/configure/firewall corp# interface ethernet0
Foundry/configure/firewall corp# exit
Foundry/configure# firewall dmz
Foundry/configure/firewall dmz# interface ethernet1
Foundry/configure/firewall dmz# exit
Foundry/configure# firewall internet
Foundry/configure/firewall internet# interface wan
Foundry/configure/firewall internet# exit 2
Step 3: Verify that the interfaces are attached to the security zones:
Foundry/configure# show firewall interface all
Interface | Map Name |
ethernet0 | corp |
ethernet1 | dmz |
wan | internet |
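The Step 3 check can be automated. The following is an added example, not part of the Foundry documentation: it parses captured `show firewall interface all` output and reports any interface that is unattached or attached to the wrong zone. The function names, the `EXPECTED` map and the sample text are assumptions built from the zones and interfaces shown in Step 2 and Step 3.

```python
# Added example: audit captured `show firewall interface all` output
# against the intended interface-to-zone plan from Step 2.
EXPECTED = {"ethernet0": "corp", "ethernet1": "dmz", "wan": "internet"}

# Constructed sample: the Step 3 output as it appears on this page.
SAMPLE = """\
Foundry/configure# show firewall interface all
Interface | Map Name |
ethernet0 | corp |
ethernet1 | dmz |
wan | internet |
"""

def parse_zone_table(text):
    """Return {interface: zone} from the pipe-delimited CLI table."""
    mapping = {}
    for line in text.splitlines():
        cells = [c.strip() for c in line.split("|")]
        cells = [c for c in cells if c]
        if len(cells) != 2:
            continue  # prompt lines, blank lines, anything that is not a table row
        iface, zone = cells
        if iface.lower() == "interface":
            continue  # header row
        mapping[iface.lower()] = zone.lower()
    return mapping

def audit_zones(text, expected=EXPECTED):
    """Return a list of findings; an empty list means the plan is met."""
    actual = parse_zone_table(text)
    findings = []
    for iface, zone in sorted(expected.items()):
        if iface not in actual:
            findings.append(f"{iface}: not attached to any zone (expected {zone})")
        elif actual[iface] != zone:
            findings.append(f"{iface}: attached to {actual[iface]}, expected {zone}")
    # Attachments nobody planned for deserve review as well.
    for iface in sorted(set(actual) - set(expected)):
        findings.append(f"{iface}: unexpected attachment to {actual[iface]}")
    return findings

if __name__ == "__main__":
    problems = audit_zones(SAMPLE)
    print("\n".join(problems) if problems else "zone attachments match the plan")
```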
Step 4: Create policies for Security Zone CORP that:
• Allow all outgoing traffic (with firewall policy priority 1024)
• Deny all incoming traffic (with firewall policy priority 1021)
• Create an object of type
• Modify policy 1024 to PAT all outgoing traffic using public IP 193.168.94.220
• Modify policy 1024 to add a Java HTTP filter.
June 2004 | © 2004 Foundry Networks, Inc. | 15 - 51 |