1、放通策略local到trust
security-policy
rule name l2t
source-zone local
destination-zone trust
source-address 192.168.20.2 mask 255.255.255.255 //管理口地址
destination-address 192.168.20.1 mask 255.255.255.255 //cloud地址
service icmp
action permit
ping -vpn-instance default 192.168.20.1 //防火墙带vpn去ping