VRP (R) Software, Version 5.170 (USG6000V1 V500R005C10SPC300)
接口加入turst,防火墙默认不允许local->trust策略是禁止的。
需要开启策略(本地到trust区域策略)
rule name p2
source-zone local
destination-zone trust
source-address 10.1.1.0 mask 255.255.255.0
source-address 192.168.1.0 mask 255.255.255.0
source-address 202.100.1.0 mask 255.255.255.0
service icmp
action permit防火墙接口默认加入到 vpn-instance default ,使用[USG6000V1]ping -vpn-instance default 10.1.1.10进行测试
[USG6000V1]ping -vpn-instance default 10.1.1.10
PING 10.1.1.10: 56 data bytes, press CTRL_C to break
Reply from 10.1.1.10: bytes=56 Sequence=1 ttl=255 time=1 ms
Reply from 10.1.1.10: bytes=56 Sequence=2 ttl=255 time=1 ms
Reply from 10.1.1.10: bytes=56 Sequence=3 ttl=255 time=1 ms
Reply from 10.1.1.10: bytes=56 Sequence=4 ttl=255 time=1 ms
Reply from 10.1.1.10: bytes=56 Sequence=5 ttl=255 time=1 ms
--- 10.1.1.10 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/1/1 ms[USG6000V1]ping 192.168.1.1
PING 192.168.1.1: 56 data bytes, press CTRL_C to break
Request time out
Reply from 192.168.1.1: bytes=56 Sequence=2 ttl=255 time=59 ms
Reply from 192.168.1.1: bytes=56 Sequence=3 ttl=255 time=39 ms
Reply from 192.168.1.1: bytes=56 Sequence=4 ttl=255 time=38 ms
Reply from 192.168.1.1: bytes=56 Sequence=5 ttl=255 time=35 ms
--- 192.168.1.1 ping statistics ---
5 packet(s) transmitted
4 packet(s) received
20.00% packet loss
round-trip min/avg/max = 35/42/59 ms[USG6000V1]ping 202.100.1.1
PING 202.100.1.1: 56 data bytes, press CTRL_C to break
Reply from 202.100.1.1: bytes=56 Sequence=1 ttl=255 time=30 ms
Reply from 202.100.1.1: bytes=56 Sequence=2 ttl=255 time=27 ms
Reply from 202.100.1.1: bytes=56 Sequence=3 ttl=255 time=36 ms
Reply from 202.100.1.1: bytes=56 Sequence=4 ttl=255 time=34 ms
Reply from 202.100.1.1: bytes=56 Sequence=5 ttl=255 time=43 ms
--- 202.100.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 27/34/43 ms
2万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
