經實際測試是可以的
但需要下指令,圖形介面無法完成
1.須先建立一個能PING的到防火牆的外網IP物件(如圖)
2.連線到防火牆的cmd介面,輸入下列指令
請依照下列順序輸入,先建立允許在建立拒絕
config firewall local-in-policy
edit 1
set intf wan1
set srcaddr "KB_NB(物件名稱)"
set dstaddr "all"
set action accept
set service ALL_ICMP
set schedule always
next
edit 2
set intf wan1
set srcaddr all
set dstaddr all
set action deny
set service ALL_ICMP
set schedule always
end
edit 1
set intf wan1
set srcaddr "KB_NB(物件名稱)"
set dstaddr "all"
set action accept
set service ALL_ICMP
set schedule always
next
edit 2
set intf wan1
set srcaddr all
set dstaddr all
set action deny
set service ALL_ICMP
set schedule always
end
沒有留言:
張貼留言