Huawei Firewall Configuration Commands: trust-dmz-untrust
程序员文章站
2022-04-09 19:41:48
R1 configuration commands
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]undo inf enable
Info: Information center is disabled.
[Huawei]sys R1
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip add 192.168.9.195 24
[R1-GigabitEthernet0/0/0]undo sh
Info: Interface GigabitEthernet0/0/0 is not shutdown.
[R1-GigabitEthernet0/0/0]int g0/0/1
[R1-GigabitEthernet0/0/1]ip add 10.1.10.1 24
[R1-GigabitEthernet0/0/1]undo sh
USG firewall configuration commands
<USG6000V1>sys
Enter system view, return user view with Ctrl+Z.
[USG6000V1]undo inf enable
Info: Information center is disabled.
[USG6000V1]int g1/0/0
[USG6000V1-GigabitEthernet1/0/0]ip add 192.168.0.254 24
[USG6000V1-GigabitEthernet1/0/0]undo sh
Info: Interface GigabitEthernet1/0/0 is not shutdown.
[USG6000V1-GigabitEthernet1/0/0]int g1/0/1
[USG6000V1-GigabitEthernet1/0/1]ip add 192.168.9.194 24
[USG6000V1-GigabitEthernet1/0/1]undo sh
Info: Interface GigabitEthernet1/0/1 is not shutdown.
[USG6000V1-GigabitEthernet1/0/1]int g1/0/2
[USG6000V1-GigabitEthernet1/0/2]ip add 172.16.1.254 24
[USG6000V1-GigabitEthernet1/0/2]undo sh
Info: Interface GigabitEthernet1/0/2 is not shutdown.
[USG6000V1-GigabitEthernet1/0/2]quit
[USG6000V1]ip route-static 0.0.0.0 0.0.0.0 192.168.9.195
[USG6000V1]firewall zone trust
[USG6000V1-zone-trust]add int g1/0/0
[USG6000V1-zone-trust]firewall zone untrust
[USG6000V1-zone-untrust]add int g1/0/1
[USG6000V1-zone-untrust]firewall zone dmz
[USG6000V1-zone-dmz]add int g1/0/2
[USG6000V1-zone-dmz]quit
[USG6000V1]
[USG6000V1]security-policy
[USG6000V1-policy-security]rule name trust2untrust
[USG6000V1-policy-security-rule-trust2untrust]source-zone trust
[USG6000V1-policy-security-rule-trust2untrust]destination-zone untrust
[USG6000V1-policy-security-rule-trust2untrust]action permit
[USG6000V1-policy-security-rule-trust2untrust]quit
[USG6000V1-policy-security]rule name trust2dmz
[USG6000V1-policy-security-rule-trust2dmz]source-zone trust
[USG6000V1-policy-security-rule-trust2dmz]destination-zone dmz
[USG6000V1-policy-security-rule-trust2dmz]action permit
[USG6000V1-policy-security-rule-trust2dmz]quit
[USG6000V1-policy-security]quit
[USG6000V1]nat-policy
[USG6000V1-policy-nat]rule name natpolicy
[USG6000V1-policy-nat-rule-natpolicy]source-address 192.168.0.0 24
[USG6000V1-policy-nat-rule-natpolicy]destination-zone untrust
[USG6000V1-policy-nat-rule-natpolicy]action nat easy-ip
[USG6000V1-policy-nat-rule-natpolicy]quit
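
The rules trust2untrust and trust2dmz above match on zones only, so each permits all traffic between its two zones. The following is an added example, not part of the original page: it parses a session log like the one above and reports zone-only permit rules. The rule trust2dmz-web and its conditions are constructed for comparison, and the list of narrowing keywords is an assumption.

```python
import re

# Constructed input: the two security-policy rules from the USG session above,
# plus one hypothetical narrowed rule (trust2dmz-web) for comparison.
SESSION = """\
[USG6000V1]security-policy
[USG6000V1-policy-security]rule name trust2untrust
[USG6000V1-policy-security-rule-trust2untrust]source-zone trust
[USG6000V1-policy-security-rule-trust2untrust]destination-zone untrust
[USG6000V1-policy-security-rule-trust2untrust]action permit
[USG6000V1-policy-security-rule-trust2untrust]quit
[USG6000V1-policy-security]rule name trust2dmz
[USG6000V1-policy-security-rule-trust2dmz]source-zone trust
[USG6000V1-policy-security-rule-trust2dmz]destination-zone dmz
[USG6000V1-policy-security-rule-trust2dmz]action permit
[USG6000V1-policy-security-rule-trust2dmz]quit
[USG6000V1-policy-security]rule name trust2dmz-web
[USG6000V1-policy-security-rule-trust2dmz-web]source-zone trust
[USG6000V1-policy-security-rule-trust2dmz-web]destination-zone dmz
[USG6000V1-policy-security-rule-trust2dmz-web]destination-address 172.16.1.0 24
[USG6000V1-policy-security-rule-trust2dmz-web]service http
[USG6000V1-policy-security-rule-trust2dmz-web]action permit
"""

# Prompt of the rule view: [<host>-policy-security-rule-<name>]<command>
RULE_VIEW = re.compile(r"^\[[^\]]*-policy-security-rule-([^\]]+)\](.*)$")
# Assumption: these keywords are what narrows a rule beyond its zones.
NARROWING = {"source-address", "destination-address", "service"}

def parse_rules(session):
    """Map each security-policy rule name to the commands typed in its view."""
    rules = {}
    for line in session.splitlines():
        m = RULE_VIEW.match(line.strip())
        if m and m.group(2).strip() not in ("", "quit"):
            rules.setdefault(m.group(1), []).append(m.group(2).strip())
    return rules

def broad_permits(rules):
    """Return (rule, source-zone, destination-zone) for zone-only permit rules."""
    findings = []
    for name, cmds in rules.items():
        opts = dict(c.split(None, 1) for c in cmds if " " in c)
        if opts.get("action") == "permit" and not NARROWING.intersection(opts):
            findings.append((name, opts.get("source-zone", "any"),
                             opts.get("destination-zone", "any")))
    return findings

print(broad_permits(parse_rules(SESSION)))
```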