Lsr1ips1a1 card configuration, Configuration overview, From internal network to external network – H3C Technologies H3C SecBlade IPS Cards User Manual
# Select System Management > Network Management > Security Zone. Click Add. Input Inside in the Name text box, add 10GE interface xeth0/0 and internal network VLAN 10, and click Apply, as shown in Figure 22. Similarly, create security zones Inside 1 and Outside, and add xeth0/0 and VLAN 20 for Inside 1 and xeth0/0 and VLAN 30 for Outside.
Figure 22 Security zones configuration for the SecBlade IPS cards
# Select System Management > Network Management > Segment Configuration, and click Add Segment. Select Segment No 0, Internal Zone Inside and External Zone Outside, and click Apply, as shown in Figure 23. Similarly, create segment 1 by selecting Segment No 1, Internal Zone Inside1 and External Zone Outside and clicking Apply.
Figure 23 Segments configuration for the SecBlade IPS cards
LSR1IPS1A1 Card Configuration
NOTE:
The LSR1IPS1A1 card is only for the Comware V5 S9500E switches.
Configuration Overview
The switch and the SecBlade IPS card are connected through internal 10GE interfaces. With OAA
configured, the switch redirects traffic to the SecBlade IPS card through its 10GE interface automatically.
After processing the traffic, the SecBlade IPS card sends it back to the switch through its internal 10GE
interface, and the switch forwards the traffic. The detailed data forwarding process is as follows.
From internal network to external network
1. Packets from the internal network enter the switch.
2. The switch redirects the packets to the SecBlade IPS card.
3. After processing the packets, the SecBlade IPS card forwards them back to the switch.
4. The switch forwards the packets out its external network interface.
From external network to internal network
1. Packets from the external network enter the switch.