一、实验目的及拓扑
实验目的:在防火墙上配置入侵防御(跨站脚本攻击)策略并在安全策略应用,通过虚拟机访问进行验证
二、基本配置
1、如图所示配置接口地址(省略)
2、配置区域接口
[FW1]dis zone
local
priority is 100
interface of the zone is (0):
#
trust
priority is 85
interface of the zone is (2):
GigabitEthernet0/0/0
GigabitEthernet1/0/1
#
untrust
priority is 5
interface of the zone is (1):
GigabitEthernet1/0/0
#
dmz
priority is 50
interface of the zone is (1):
GigabitEthernet1/0/2
#
3、配置安全策略
[FW1-policy-