
Setting the priority of a security zone, Enabling the share attribute of a security zone – H3C Technologies H3C SecBlade LB Cards User Manual

security zone name, or specify both the security zone name and security zone ID. If you specify both the security zone name and security zone ID, make sure the two arguments identify the same security zone.

A security zone created in system view belongs to the default VD, and a security zone created in VD system view belongs to the non-default VD.
To create a security zone:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter VD system view. | switchto vd vd-name | Required if you want to create a security zone for a non-default VD. |
| 3. Create a security zone and enter security zone view. | zone name zone-name [ id zone-id ] | Optional. By default, a non-default VD has no security zones, and the default VD has five security zones: Management (ID = 0), Local (ID = 1), Trust (ID = 2), DMZ (ID = 3), and Untrust (ID = 4). |

Setting the priority of a security zone

The priority of a security zone indicates the security zone's security level. The greater the priority (the highest is 100), the higher the security level. Packets that match no interzone policies are allowed to travel from a higher priority zone to a lower priority zone, or between two zones of the same priority, but are forbidden to travel from a lower priority zone to a higher priority zone.
To set the priority of a security zone:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter VD system view. | switchto vd vd-name | Required for a security zone of a non-default VD. |
| 3. Enter security zone view. | zone name zone-name [ id zone-id ] | N/A |
| 4. Set the priority of the security zone. | priority priority-value | By default, the priority of a user-defined security zone is 1, and the priorities of system-predefined security zones are: 100 for Management, 100 for Local, 85 for Trust, 50 for DMZ, and 5 for Untrust. |
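
The following Python audit sketch is an added example, not part of the H3C manual. It applies the fallback rule described above to a set of zones so you can see which zone pairs pass traffic when no interzone policy matches. The sample command lines and the zone names Partner and Guest are constructed, and the script assumes all zones belong to the same VD.

```python
import re

# Default priorities the manual gives for the predefined zones.
PREDEFINED = {"Management": 100, "Local": 100, "Trust": 85, "DMZ": 50, "Untrust": 5}
USER_DEFINED_DEFAULT = 1   # priority of a user-defined zone until one is set
MAX_PRIORITY = 100         # highest priority the manual allows

ZONE_RE = re.compile(r"^zone name (\S+)(?: id (\d+))?$")
PRIO_RE = re.compile(r"^priority (\d+)$")

# Constructed sample: commands in the syntax shown in the tables above.
SAMPLE = """
zone name Partner id 10
priority 85
zone name Guest
"""

def parse_zones(commands):
    """Return {zone name: priority} after applying zone/priority commands."""
    zones = dict(PREDEFINED)
    current = None
    for raw in commands.splitlines():
        line = raw.strip()
        zone = ZONE_RE.match(line)
        if zone:
            current = zone.group(1)
            zones.setdefault(current, USER_DEFINED_DEFAULT)
            continue
        prio = PRIO_RE.match(line)
        if prio and current is not None:
            value = int(prio.group(1))
            if value > MAX_PRIORITY:
                raise ValueError(f"priority {value} for {current} exceeds {MAX_PRIORITY}")
            zones[current] = value
    return zones

def default_allowed(zones, src, dst):
    """Fallback for packets matching no interzone policy: higher or equal -> lower."""
    return zones[src] >= zones[dst]

def default_reach(zones, src):
    """Zones that src reaches with no interzone policy configured."""
    return sorted(d for d in zones if d != src and default_allowed(zones, src, d))

if __name__ == "__main__":
    zones = parse_zones(SAMPLE)
    for name in sorted(zones, key=zones.get, reverse=True):
        print(f"{name:<10} prio={zones[name]:<3} reaches: {default_reach(zones, name)}")
```

Two results are worth checking on a real configuration: a zone given the same priority as Trust can reach Trust by default, and a user-defined zone left at priority 1 is reachable from Untrust.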

Enabling the share attribute of a security zone

A security zone with its share attribute enabled can be used by other VDs' interzone instances as the destination security zone. A security zone with its share attribute disabled can only be used by an interzone instance of its native VD.
To enable the share attribute of a security zone:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
