Configuration overview, From internal network to external network – H3C Technologies H3C SecBlade IPS Cards User Manual
Page 24
17
Figure 10 Create a segment
NOTE:
When creating a segment, you need to select the internal zone, external zone and the internal interface.
Figure 11 Configure the segment
Ten-
GigabitEthernet1/2/1
LSQ1IPSSC0 Card Configuration (Only for the
S7500E Switch and Supporting OAA
Configuration)
NOTE:
The LSQ1IPSSC0 card is only for the S7500E switches and supports the OAA feature.
Configuration Overview
The switch and the SecBlade IPS card are connected through internal 10GE interfaces. With OAA
configured, the switch redirects traffic to the SecBlade IPS card through its 10GE interface automatically.
After processing the traffic, the SecBlade IPS card sends it back to the switch through its internal 10GE
interface, and the switch forwards the traffic. The detailed data forwarding process is as follows.
From internal network to external network
1.
Packets from the internal network enter the switch.
2.
The switch redirects the packets to the SecBlade IPS card.
3.
After processing the packets, the SecBlade IPS card forwards them back to the switch.
4.
The switch forwards the packets out its external network interface.