Assigning a firewall interface to the Local zone

You cannot assign a firewall interface to the Local zone.

Other related questions:
Assigning a VLANIF interface to a security zone
Perform as follows to assign a VLANIF interface to a security zone on the USG:
[FW] vlan 10
[FW-vlan-10] quit
[FW] interface Vlanif 10
[FW-Vlanif10] quit
[FW] interface GigabitEthernet 0/0/1
[FW-GigabitEthernet0/0/1] portswitch
[FW-GigabitEthernet0/0/1] port link-type trunk
[FW-GigabitEthernet0/0/1] port trunk permit vlan 10
[FW-GigabitEthernet0/0/1] quit
[FW] firewall zone name trust1
[FW-zone-trust1] set priority 10
[FW-zone-trust1] add interface Vlanif 10
[FW-zone-trust1] quit

Assigning interfaces to security zones on the USG6000
Perform as follows to assign interfaces to security zones:
1. Run the firewall zone command to access the corresponding zone.
2. Run the add interface command to add the corresponding interface.

Assigning an Eth-Trunk interface to a security zone
If the Eth-Trunk interface of the USG is a Layer 3 interface, you need to assign the Eth-Trunk interface to a security zone.
[FW] firewall zone untrust
[FW-zone-untrust] add interface Eth-Trunk

Is a security policy required to permit packets between the Local zone and the zone where the heartbeat interface resides
The USG6000 requires such a security policy, but the USG9500 does not.

Whether a security policy shall be configured between the zone where the heartbeat interface resides and Local zone
If remote is not set when the heartbeat interfaces are configured, the heartbeat packets are encapsulated into VRRP packets, and a device that has no security policy can still process the heartbeat packets properly. If remote is set when the heartbeat interfaces are configured, the heartbeat packets are encapsulated into UDP packets, and a correct security policy must be configured for the interzone between the Local zone and the security zone where the heartbeat interfaces reside, so that the device can properly send and receive the heartbeat packets.
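
The following is an added example, not from the original page or from Huawei: a Python check that reads a saved configuration, finds heartbeat interfaces configured with remote, and reports which direction between the Local zone and the heartbeat zone has no permit rule. The saved-configuration layout, the zone and interface names and the address are constructed assumptions.

```python
import re

# Constructed sample config (not from the original page). The saved-config
# layout, zone names, interface names and the address are assumptions.
SAMPLE_CONFIG = """\
hrp interface GigabitEthernet1/0/6
hrp interface GigabitEthernet1/0/7 remote 10.10.0.2
firewall zone dmz
 add interface GigabitEthernet1/0/6
firewall zone name hb
 add interface GigabitEthernet1/0/7
security-policy
 rule name allow_hb_out
  source-zone local
  destination-zone hb
  action permit
"""

def audit_heartbeat_policy(config):
    """Map each 'remote' heartbeat interface to its uncovered zone pairs."""
    zone_of, remote_ifs, rules, zone = {}, [], [], None
    for line in (l.strip() for l in config.splitlines()):
        if m := re.match(r"hrp interface (.+?)( remote \S+)?$", line):
            if m.group(2):  # without 'remote' the page says no policy is needed
                remote_ifs.append(m.group(1).replace(" ", ""))
        elif m := re.match(r"firewall zone (?:name )?(\S+)$", line):
            zone = m.group(1)
        elif m := re.match(r"add interface (.+)$", line):
            zone_of[m.group(1).replace(" ", "")] = zone
        elif line.startswith("rule name "):
            rules.append({"source-zone": set(), "destination-zone": set(), "action": None})
        elif rules and (m := re.match(r"(source-zone|destination-zone) (.+)$", line)):
            rules[-1][m.group(1)].update(m.group(2).split())
        elif rules and (m := re.match(r"action (\S+)$", line)):
            rules[-1]["action"] = m.group(1)

    def permitted(src, dst):
        # Simplification: any permit rule naming both zones counts; rule order,
        # addresses and services are ignored. An empty zone set means "any".
        return any(r["action"] == "permit"
                   and (not r["source-zone"] or src in r["source-zone"])
                   and (not r["destination-zone"] or dst in r["destination-zone"])
                   for r in rules)

    gaps = {i: [p for p in (("local", zone_of.get(i)), (zone_of.get(i), "local"))
                if not permitted(*p)] for i in remote_ifs}
    return {i: g for i, g in gaps.items() if g}

if __name__ == "__main__":
    print(audit_heartbeat_policy(SAMPLE_CONFIG))
```

On the sample, GigabitEthernet1/0/6 is skipped because it has no remote, and GigabitEthernet1/0/7 is reported because only the Local-to-hb direction is permitted.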