(The internal network segment of an enterprise is 192.168.1.0/24, and the external network segment is 192.168.100.0/22. As the WebServer host 192.168.1.3 on the intranet, connect to the GE0/2 interface of the Device, and configure an IPS policy on the Device to prevent PCs on the external network from recommending attacks to the internal server. Figure 1 IPS configuration example Networking diagram 4.2 Configuration roadmap l? Introduce the traffic to be inspected into deep inspection l? Create an IPS policy l? Configure an IPS rule l? Basic configuration 1. Configure interface GE0/1 Click "Device Management > Interface Management" in the left navigation bar, click the button in the GE0/1 column to enter the "Interface Edit" interface. Set the interface GE0/1 according to the figure below, and then click the lt;Confirm gt; button to complete the configuration. Click "Device Management > Security Zone" in the left navigation bar, and click the button in the Untrust column to enter the "Modify Security Zone" interface. Add interface GE0/1 to the Untrust zone according to the figure below, and click the lt;Confirm gt; button to return to the "Security Zone" interface. 2. Configure interface GE0/2 with the same IP address of interface GE0/2 as 192.168.1.1/24, and join the security zone Trust. In "Device Management > Interface Management", you can see the interface after the configuration: 3. Configure NATServer In this example, you need to configure NATServer to give the internal Web server 192.168.1.3 an address 192.168.102.132 that can be accessed from the outside. Click "Firewall gt;NATgt;Internal Server" in the navigation bar, click lt;New gt; under the "Internal Server Translation" tab, and configure as follows:)
收藏
