Example 1: L3 Traffic Transmission in a Single VSYS

An enterprise deploys a Hillstone device in its network. The goal is to enable Dept. A to access the intranet servers through ethernet0/0 and ethernet0/3 in a single VSYS. The topology is shown below:

To meet this requirement, a VSYS and the corresponding policy rules are needed. The logical layout is shown below:

Take the following steps:

Step 1: Create VSYS-a.

  1. On the Navigation pane, click Configure > Network > VSYS to open the VSYS page.
  2. Click New. Configure as follows:
  3. Click OK.

Step 2: Export ethernet0/0 and ethernet0/3 to VSYS-a, and create a policy.

  1. On the Navigation pane, click Configure > Network > VSYS to open the VSYS page.
  2. Click VSYS-a in the VSYS list to enter the VSYS-a configuration page.
  3. On the Navigation pane of VSYS-a, click Configure > Network > Network to open the Network page.
  4. Click New in the upper-left corner of the Zone list, and configure as follows:
  5. Click OK.
  6. Repeat steps 4 and 5 to create a layer 3 zone named vsys-a-untrust.
  7. Select ethernet0/0 from the interface list, and click Edit. In the Interface Configuration dialog, configure as follows:
  8. Click OK to save the changes and return to the Network page.
  9. Select ethernet0/3 from the interface list, and click Edit. In the Interface Configuration dialog, configure as follows:
  10. Click OK to save the changes and return to the Network page.
  11. On the Navigation pane of VSYS-a, click Configure > Security > Policy to open the Policy page.
  12. Click New. In the Policy Configuration dialog, configure as follows:
  13. Click OK to save the changes.