On the System Management page, you can enable the VSYS feature, add VSYSs, and assign resources, physical interfaces, subinterfaces, and VLAN interfaces to VSYSs.
On the System Management page, check Enable, as shown in the following figure.
Click Add. The Add Virtual System dialog box appears. On the Basics tab, set a name for the VSYS and select resources from the system, another VSYS, a resource pool, or custom resources, as shown in the following figure.
On the Physical Interfaces tab, select physical interfaces for the VSYS, as shown in the following figure.
You can also assign subinterfaces and VLAN interfaces to the VSYS on the Subinterfaces and VLAN Interfaces tabs.
After the system is created, the public system administrator can switch to the system in the upper-right corner of the homepage, as shown in the following figure.
You can create an administrator account for network O&M personnel. Go to System > Administrator. On the Administrator page, click Add. In the Add Administrator dialog box, click Login Security and select Web UI for Management Method. In this way, the network operator can use this account for login.
9.8.2.1.1.1 Example
A company purchased Network Secure and deployed it at the company's outbound interface as a gateway. The R&D and business networks of the company access the internet through the outbound interface. The subnets of both networks are 192.168.1.0/24. The company requires two virtual firewalls on Network Secure to manage the networks separately, and the networks do not need to communicate with each other. It is also required that the business network can access all internet applications and that the R&D network can only access webpages. The following figure shows the topology.
Step 1. Go to System > Virtual Systems > System Management. On the System Management page, check Enable.
Step 2. Click Add. In the Add Virtual System dialog box, set the name to "yanfa" (i.e., R&D), and select resources and a physical interface eth3 for the virtual system. You can use the default resource pool Resource or assign another resource pool as required.
Step 3. Click Add. In the Add Virtual System dialog box, set the name to "yewu" (i.e., business) and select resources and a physical interface eth2 for the virtual system. You can use the default resource pool Resource or assign another resource pool as required.
Step 4. Switch to the yanfa system and go to Network > Interfaces. On the Physical Interfaces tab, click Edit in the Operation column for physical interface eth1. In the Edit Physical Interface dialog box, select a zone and set the IP address to 192.168.1.1/24.
Step 5. In the yanfa system, go to Network > Interfaces. On the Virtual Interfaces tab, click Edit in the Operation column for virtual interface vsysif1. In the Edit Virtual Interface dialog box, select a zone and set the IP address to 172.16.1.1/24.
Step 6. In the yanfa system, go to Network > Routes > Static Routes. On the Static Routes page, configure a default route directing to the public system of the destination virtual router.
Step 7. In the yanfa system, go to Policies > Access Control > Application Control. On the Policies tab, add an application control policy to allow HTTP, HTTPS, and DNS services in the corresponding zone.
Step 8. In the yanfa system, go to Policies > NAT. On the IPv4 NAT tab, add a NAT policy to translate the source IP of the corresponding zone to the address of the outbound interface.
Step 9. Switch to the yewu system and go to Network > Interfaces. On the Physical Interfaces tab, click Edit in the Operation column for physical interface eth1. In the Edit Physical Interface dialog box, select a zone and set the IP address to 192.168.1.1/24.
Step 10. In the yewu system, go to Network > Interfaces. On the Virtual Interfaces tab, click Edit in the Operation column for virtual interface vsysif2. In the Edit Virtual Interface dialog box, select a zone and set the IP address to 172.16.2.1/24.
Step 11. In the yewu system, go to Network > Routes > Static Routes. On the Static Routes page, configure a default route directing to the public system of the destination virtual router.
Step 12. In the yewu system, go to Policies > Access Control > Application Control. On the Policies tab, add an application control policy to allow all services in the corresponding zone.
Step 13. In the yewu system, go to Policies > NAT. On the IPv4 NAT tab, add a NAT policy to translate the source IP to the address of the outbound interface.
Step 14. Switch to the public system and go to Network > Interfaces. On the Physical Interfaces tab, click Edit in the Operation column for physical interface eth1. In the Edit Physical Interface dialog box, select a zone and set the IP address to 172.22.7.111/21.
Step 15. In the public system, go to Network > Interfaces. On the Virtual Interfaces tab, click Edit in the Operation column for virtual interface vsysif0. In the Edit Virtual Interface dialog box, select a zone and set the IP address to 172.16.3.1/24.
Step 16. In the public system, go to Network > Routes > Static Routes. On the Static Routes page, configure a default route directing to the next-hop outbound interface of the internet and static routes respectively directing to the yanfa and yewu systems, with the destination IP set to the addresses of interfaces vsys1 and vsys2.
Step 17. In the public system, go to Policies > Access Control > Application Control. On the Policies tab, add an application control policy to allow all services in the corresponding zone.
Step 18. In the public system, go to Policies > NAT. On the IPv4 NAT tab, add a NAT policy to translate the source IP to the address of the outbound interface.
Step 19. Verify network access on the R&D and business networks.
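The address plan and access requirements from the steps above, checked in Python as an added example (not part of the original guide or the product): it shows why each VSYS needs its own source NAT policy when both LANs are 192.168.1.0/24, and lists the results to expect in Step 19. It assumes each VSYS translates to its own virtual interface address; SSH is a constructed test service.

```python
import ipaddress
from itertools import combinations, product

# Values transcribed from the steps above. Assumption: the "outbound interface"
# each VSYS translates to is its own virtual interface (vsysif1 / vsysif2).
VSYS = {
    "yanfa": {"lan": "192.168.1.1/24", "vsysif": "172.16.1.1/24",
              "allow": {"HTTP", "HTTPS", "DNS"}},
    "yewu": {"lan": "192.168.1.1/24", "vsysif": "172.16.2.1/24",
             "allow": {"ANY"}},
}
PUBLIC = {"wan": "172.22.7.111/21", "vsysif": "172.16.3.1/24"}


def net(cidr):
    """Network that an interface address such as 192.168.1.1/24 belongs to."""
    return ipaddress.ip_interface(cidr).network


def source_seen_by_public(name, snat):
    """Source network the public system sees for traffic leaving a VSYS."""
    return net(VSYS[name]["vsysif" if snat else "lan"])


def ambiguous_return_paths(snat):
    """VSYS pairs the public system cannot tell apart when routing replies."""
    return [(a, b) for a, b in combinations(sorted(VSYS), 2)
            if source_seen_by_public(a, snat).overlaps(source_seen_by_public(b, snat))]


def transit_conflicts():
    """Overlaps among the WAN and vsysif networks, which must all be distinct."""
    nets = {"public.wan": net(PUBLIC["wan"]), "public.vsysif": net(PUBLIC["vsysif"])}
    nets.update({f"{n}.vsysif": net(v["vsysif"]) for n, v in VSYS.items()})
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]


def expected(name, service):
    """Result to expect in Step 19 for a test of `service` from a VSYS."""
    return "allow" if {"ANY", service} & VSYS[name]["allow"] else "deny"


if __name__ == "__main__":
    print("without source NAT:", ambiguous_return_paths(snat=False))
    print("with source NAT:   ", ambiguous_return_paths(snat=True))
    print("transit conflicts: ", transit_conflicts())
    for vsys, svc in product(VSYS, ("HTTP", "HTTPS", "DNS", "SSH")):
        print(f"{vsys:6} {svc:5} -> {expected(vsys, svc)}")
```

A "deny" for yanfa on anything other than HTTP, HTTPS and DNS is the result that confirms the R&D restriction is enforced, so the Step 19 check should include at least one such blocked service.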