Whether multiple sub-interfaces under the same main interface can be added to different security zones

2

Multiple sub-interfaces under the same main interface can be added to different security zones to achieve different intra-zone security policies.

Other related questions:
How to check whether the Interface Is Added to the Security Zone ?
Run the display zone command to check whether the interface is correctly added to a security zone. display zone If the interface is not added to any security zone, run the following command to add the interface to a security zone. [HUAWEI] firewall zone trust [HUAWEI-zone-trust] add interface GigabitEthernet1/0/1

Assigning an Eth-Trunk interface to a security zone
If the Eth-Trunk interface of the USG is a Layer 3 interface, you need to assign the Eth-Trunk interface to a security zone. [FW]firewall zone untrust [FW-zone-untrust]add interface Eth-Trunk

Assigning a VLANIF interface to a security zone
Perform as follows to assign a VLANIF interface to a security zone on the USG: [FW] vlan 10 [FW-vlan-10] quit [FW] interface Vlanif 10 [FW-Vlanif10] quit [FW] interface GigabitEthernet 0/0/1 [FW-GigabitEthernet0/0/1] portswitch [FW-GigabitEthernet0/0/1] port link-type trunk [FW-GigabitEthernet0/0/1] port trunk permit vlan 10 [FW-GigabitEthernet0/0/1] quit [FW] firewall zone name trust1 [FW-zone-trust1] set priority 10 [FW-zone-trust1] add interface Vlanif 10 [FW-zone-trust1] quit

Whether security zones of the USG9000 series can be of the same level
The levels of different security zones cannot be the same.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top