Querying policies by ip address, Interzone policy configuration examples, Network requirements – H3C Technologies H3C SecPath F1000-E User Manual

71

results matching the search conditions. Click Reset in the Operation column to clear the packets statistics

of the related interzone policy and at this time the system starts to perform statistics again.

Figure 71 Statistics of an interzone policy

Table 25 Field description

Item Description

Permitted Packets

Number of packets that match the interzone policy and are forwarded
during the statistics time

Denied Packets

Number of packets that match the interzone policy and are dropped
during the statistics time

Start Time

Start time of the statistics.

End Time

End time of the statistics.

Querying policies by IP address

Select Firewall > Security Policy > Policy Inverse Query from the navigation tree to enter the page as

shown in

Figure 72

. Type the IP address in the field, select whether you want to query by source or

destination IP address from the list, and then click Search. The page displays the policies with the source

or destination IP address.

Figure 72 Query policies by IP address

TIP:

Clicking the Configure Interzone Policy link goes to the interzone policy rule list page. You can also select
Firewall > Security Policy > Interzone Policy from the navigation tree to enter the page.

Interzone policy configuration examples

Network requirements

•

As shown in

Figure 73

, SecPath connects the corporate network to the Internet. The corporate

network belongs to zone Trust, and the external network belongs to zone Untrust.

•

Configure an interzone policy, allowing internal host Public to access the external network at any
time and denying all the other internal hosts’ access to the external network during working hours

(from 8:00 to 18:00) on working days (from Monday through Friday).