16.2. interface

firewall-> get interface all
box is not in pure_l2_mode

A - Active, I - Inactive, U - Up, D - Down, R - Ready

Total interface: 12
Name           IP Address         Zone        MAC            VLAN State VSD
trust     Trust       001f.1255.a902    -   U   -
untrust   Untrust     001f.1255.a901    -   U   -
serial          Null        001f.1255.a906    -   D   -
tun.1          unnumbered         Untrust     untrust           -   D   -
vlan1          VLAN        001f.1255.a90f    1   D   -
null           Null        N/A               -   U   0

16.2.1. PPPoE

set pppoe name "PPPoE"
set pppoe name "PPPoE" username "cjf0000@163.gd" password "yVizHVPmNgsYRvCpTP7RsQnxg2VpbQ=="
set pppoe name "PPPoE" idle 0
set pppoe name "PPPoE" interface untrust
set pppoe name "PPPoE" auto-connect 30

16.2.2. 接口模式

set interface eth4 nat    //将接口4设置为nat模式
set interface eth4 route  //将接口4设置为路由模式

Route between multiple subnets without a router

set interface trust ip (ip address) (subnet mask) secondary [Enter]
save [Enter]

16.2.3. vlan

set zone name office //建立一个3层的zone,名为Office
set zone name L2-office  L2 1   //建立一个2层的zone,名为L2-Office(二层接口必须以L2-开始命名),vlan id 为1。
set interface eth4 zone office   //将接口4设置为office  zone的接口。
set interface vlan1 ip  //将vlan1的ip设置为10.10.10.10
set interface vlan1 manage web  //开通vlan1接口的web管理功能
set interface vlan1 manage ping  //开通vlan1接口的ping功能

16.2.4. MIP

set interface eth3 mip host vrouter trust-vr   //设置mip,外网ip1.1.1.1 绑定到内网ip上
unset interface eth3 mip   //取消1.1.1.1的mip设置
unset interface "untrust" mip
set interface "untrust" mip host netmask vr "trust-vr"

set policy from "Untrust" to "Trust"  "Any" "MIP(" "HTTP" permit log

policy id = 79

set policy id 79
set service "HTTPS"

16.2.5. VIP

set interface eth3 vip untrust-ip + 21 ftp       //设置vip
set interface eth3 vip untrust-ip + 8000 ftp
set service "OpenSSH" protocol tcp src-port 0-65535 dst-port 22-22

set interface untrust vip + 22 OpenSSH

set policy from untrust to trust any vip( OpenSSH permit