L3 Virtual firewall - in 5 easy steps

Hi, everyone! Today I’m going to introduce the L3 Virtual firewall - in 5 easy steps. Eudemon200E-X V300R001

1. Create virtual firewall vf1

[Eudemon] ip vpn-instance vf1

[Eudemon-vpn-vf1] route-distinguisher 100:1

[Eudemon-vpn-vf1]quit

2. Bind inside interfaces and outside interface to virtual firewall

[Eudemon]interface gi0/0/0

[Eudemon-GigabitEthernet0/0/0]ip binding vpn-instance vf1   \\ bind interface to virtual firewall first and then assign ip address

[Eudemon-GigabitEthernet0/0/0]ip add 192.168.1.1 24

[Eudemon-GigabitEthernet0/0/0]q

[Eudemon]interface gi0/0/1

[Eudemon-GigabitEthernet0/0/1]ip binding vpn-instance vf1

[Eudemon-GigabitEthernet0/0/1]ip add 1.1.1.1 24

[Eudemon-GigabitEthernet0/0/1]q

3. Add interfaces to the security zones of virtual firewall vf1

[Eudemon]firewall zone vpn-instance vf1 trust

[Eudemon-zone-trust-vf1]add interface giga0/0/0

[Eudemon-zone-trust-vf1]q

[Eudemon]firewall zone vpn-instance vf1 untrust

[Eudemon-zone-untrust-vf1]add interface giga0/0/1

[Eudemon-zone-untrust-vf1]q

4. Configure interzone filtering for vf1 to allow packets from trust zone to pass to untrust zone.

[Eudemon]policy interzone vpn-instance vf1 trust untrust outbound

[Eudemon-policy-interzone-trust-untrust-vf1-outbound]policy 0

[Eudemon-policy-interzone-trust-untrust-vf1-outbound-0]policy source 192.168.1.0 0.0.0.255

[Eudemon-policy-interzone-trust-untrust-vf1-outbound-0]action permit

[Eudemon-policy-interzone-trust-untrust-vf1-outbound-0]q

 [Eudemon-policy-interzone-trust-untrust-vf1-outbound]q

 5.Configure NAT outbound to permit trust zone users to access untrust zone using 1.1.1.2 to 1.1.1.4 address

[Eudemon]nat adress-group 1 1.1.1.2 1.1.1.4 vpn-instance vf1

[Eudemon]nat-policy interzone vpn-instance vf1 trust untrust outbound

[Eudemon-nat-policy-interzone-trust-untrust-vf1-outbound]policy 0

[Eudemon-nat-policy-interzone-trust-untrust-vf1-outbound-0]policy source 192.16.1.0 0.0.0.255

[Eudemon-nat-policy-interzone-trust-untrust-vf1-outbound-0]action source-nat

[Eudemon-nat-policy-interzone-trust-untrust-vf1-outbound-0]address-group 1

[Eudemon-nat-policy-interzone-trust-untrust-vf1-outbound-0]q

[Eudemon-nat-policy-interzone-trust-untrust-vf1-outbound]q

If you have any problems, please post them in our Community. We are happy to solve them for you!