Posts and Telecommunications Systems | 2022-07-01 | Copyright: retain author attribution; no commercial use; no modification of the work
Many users currently need access control inside the internal network and want to make full use of the firewall's access control capabilities to further subdivide the intranet into security sub-domains. Office users and internal application hosts are usually connected to switches, and implementing access control and isolation between different VLANs on the switch itself places high demands on the switch's processing capacity, is complex to deploy, and is inconvenient to maintain. Testing has verified that combining a switch with a NetScreen firewall solves the intranet access control problem well: trunk + aggregate interfaces, together with the firewall's zones and policies, provide finer-grained intranet access control. A customer case is briefly described below.

Customer requirements: 1. All traffic between VLANs on the internal network needs to ~~~~~

[Download] 20524298398.rar



