Foundry/configure# interface ethernet 0, Configuring existing ethernet interface, Foundry/configure/interface/ethernet 0# exit – Foundry Networks AR3202-CL User Manual

Security Features

June 2004

© 2004 Foundry Networks, Inc.

15 - 51

Step 1:Configure the Ethernet interfaces and the WAN interfaces with IP addresses:

Step 2: Create the security zones CORP and DMZ and attach interfaces:

Step 3: Verify that the interfaces are attached to the security zones:

Step 4: Create policies for Security Zone CORP that:

•

Allow all outgoing traffic (with firewall policy priority 1024)

•

Deny all incoming traffic (with firewall policy priority 1021)

•

Create an object of type

http-filter

to block java traffic

•

Modify policy 1024 to pat all outgoing traffic using public IP 193.168.94.220

•

Modify policy 1024 to add a java HTTP filter.

Foundry/configure# interface ethernet 0

Configuring existing Ethernet interface

Foundry/configure/interface/ethernet 0# ip address 10.2.1.1 24

Foundry/configure/interface/ethernet 0# exit

Foundry/configure# interface ethernet 1

Configuring existing Ethernet interface

Foundry/configure/interface/ethernet 1# ip address 10.3.1.1 24

Foundry/configure/interface/ethernet 1# exit

Foundry/configure# interface bundle wan

Foundry/configure/interface/bundle wan# link t1 1

Foundry/configure/interface/bundle wan# encapsulation p

Foundry/configure/interface/bundle wan# ip address 193.168.94.220 24

Foundry/configure/interface/bundle wan# exit

Foundry/configure# firewall corp

Foundry/configure/firewall corp# interface ethernet0

Foundry/configure/firewall corp# exit

Foundry/configure# firewall dmz

Foundry/configure/firewall dmz# interface ethernet1

Foundry/configure/firewall dmz# exit

Foundry/configure# firewall internet

Foundry/configure/firewall internet# interface wan

Foundry/configure/firewall internet# exit 2

Foundry/configure# show firewall interface all

Interface Map Name

--------- --------

ethernet0 corp

ethernet1 dmz

wan internet