Port 0 is usually used as the management port.
FW1
int g1/0/0
ip add xxx mask
int g2/0/0
ip add xxx mask
firewall zone trust
add interface g1/0/0 # to ping the interface, ping must be permitted on it: service-manage ping permit
firewall zone untrust
add interface g2/0/0
Next, just define the rules:
security-policy
rule name xxx
rule name pc2_user2_icmp
source-zone trust
destination-zone untrust
source-address 10.1.1.2 mask 32
destination-address 192.168.1.0 mask 255.255.255.0
service icmp
action permit
rule move xxx // move (reorder) a firewall security policy rule
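
Rule order matters because the security policy is evaluated top-down: the first matching rule decides, and traffic that matches no rule is denied by default. The Python model below is an added example, not part of the original notes; it evaluates the pc2_user2_icmp rule from above, and the deny_trust_out rule and the move_before helper are hypothetical names constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    name: str
    src_zone: str
    dst_zone: str
    src: str      # source network in CIDR form
    dst: str      # destination network in CIDR form
    service: str  # "icmp", "tcp", ... or "any"
    action: str   # "permit" or "deny"

    def matches(self, src_zone, dst_zone, src_ip, dst_ip, service):
        return (self.src_zone == src_zone and self.dst_zone == dst_zone
                and ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
                and self.service in ("any", service))

def evaluate(rules, src_zone, dst_zone, src_ip, dst_ip, service):
    """Return (action, rule name) of the first matching rule; default is deny."""
    for rule in rules:
        if rule.matches(src_zone, dst_zone, src_ip, dst_ip, service):
            return rule.action, rule.name
    return "deny", "default"

def move_before(rules, name, target):
    """Return a new list with rule `name` placed directly before rule `target`."""
    moved = next(r for r in rules if r.name == name)
    rest = [r for r in rules if r.name != name]
    idx = next(i for i, r in enumerate(rest) if r.name == target)
    return rest[:idx] + [moved] + rest[idx:]

# Rule taken from the notes above.
PC2_ICMP = Rule("pc2_user2_icmp", "trust", "untrust",
                "10.1.1.2/32", "192.168.1.0/24", "icmp", "permit")
# Hypothetical broader deny rule, constructed for this example.
DENY_ALL = Rule("deny_trust_out", "trust", "untrust",
                "10.1.1.0/24", "0.0.0.0/0", "any", "deny")

if __name__ == "__main__":
    flow = ("trust", "untrust", "10.1.1.2", "192.168.1.10", "icmp")
    shadowed = [DENY_ALL, PC2_ICMP]  # the permit rule sits below a broader deny
    print(evaluate(shadowed, *flow))
    print(evaluate(move_before(shadowed, "pc2_user2_icmp", "deny_trust_out"), *flow))
```

The model covers traffic passing through the firewall between zones; pinging the firewall's own interface is governed by the interface's service-manage setting noted earlier.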