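Goal: configure NAT mode so that the 101.0.0.1/24 network, after passing through the firewall, reaches the Internet via 192.168.1.254.
Steps:
1. Configure the IP addresses of the two internal network interfaces
config system interface  # enter interface configuration mode
edit port1  # enter the port sub-mode
set alias out  # set the alias
set ip 192.168.0.1 255.255.255.0  # set the IP address and netmask
set allowaccess http https telnet ssh ping  # set the protocols allowed for management access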
end
config system interface
edit port2
set alias internal
set ip 111.0.0.1 255.255.255.0
set allowaccess ping
end
2. Configure the static route
config router static
edit 1
set device "port1"  # take care not to select the wrong port
set gateway 192.168.0.1
next
end
3. Configure the ACL rule
By default the firewall blocks all traffic, so a rule must be added to allow it through.
config firewall policy
edit 1
set srcintf "any"
set dstintf "any"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "ALL"
set nat enable
next
end
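
A tighter variant of steps 1 and 3, added here as an example and not part of the original page: management access on the outside interface is limited to encrypted protocols, and the any/any rule is replaced by one scoped to the internal subnet and the real traffic direction. It assumes the internal network is the 111.0.0.0/24 subnet configured on port2; the address object name "internal_net" and the service list are assumptions.

```fortios
# Lines starting with "#" are annotations for the reader.

# Outside interface (alias "out"): drop http and telnet, which carry
# administrator credentials in cleartext; keep https, ssh and ping.
config system interface
    edit port1
        set allowaccess ping https ssh
    next
end

# Address object for the internal subnet behind port2.
# "internal_net" is a hypothetical name chosen for this example.
config firewall address
    edit "internal_net"
        set subnet 111.0.0.0 255.255.255.0
    next
end

# Policy bound to one direction (internal -> out) and one source subnet,
# instead of srcintf/dstintf "any" with srcaddr "all".
# The service list is an assumed minimum; widen it only as required.
# logtraffic all records every session the rule accepts.
config firewall policy
    edit 1
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "internal_net"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "DNS" "HTTP" "HTTPS"
        set logtraffic all
        set nat enable
    next
end
```

With the rule scoped this way, traffic arriving on port1 or sourced from outside 111.0.0.0/24 falls through to the default deny described in step 3.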