1 Device Model and Firmware
Implement policies to ensure that employee IP addresses can only access approved applications, such as the office OA, while the boss’s IP address is not subject to any limitations.

3 Topology

4 Configuration Roadmap
5.1 Configuring Static IP Allocation

(1) Choose Network > DHCP > DHCP Server. On the DHCP Service List page that is displayed, click Create to create a DHCP server.
(2) On the Create DHCP Service page, configure basic information of the DHCP server, as shown in the following figure.
a. Enter a name for the DHCP server. In this example, the name is test.
b. In the Interface field, use the interface Ge0/0 on the firewall.
c. Configure the IP assignment range based on your actual needs. In this example, it is set to 192.168.1.0/24. Once the configuration is complete, click Advanced to access the advanced settings.
(3) In the Advanced pane, enter the boss’s IP address and MAC address in the Binding Host MAC field for IP-MAC binding. Click Save. In this example, the IP address 192.168.1.2 is bound to the boss host’s MAC address d8:9e:f3:3f:d5:64 for static IP assignment.
(4) After the configuration is saved, the DHCP Server toggle switch is automatically on. If it is off, manually toggle it on.

5.2 Configuring Security Policies

1. Configure IP service address objects

(1) Choose Object > Address > IPv4 Address to access the Object configuration page. Click Create to create an employee IP address object.
(2) On the Add IPv4 Address Object page, configure an employee IP address object named all staff, as shown in the following figure. Enter the IP range in the IP Address/Range box, and click Save.
(3) On the Add IPv4 Address Object page, configure a boss IP address object named boss, as shown in the following figure. Enter 192.168.1.2 in the IP Address/Range box, and click Save.

The created IP address objects are displayed on the IPv4 Address page, as shown in the following figure.

(1) Choose Policy > Security Policy > Security Policy, and then choose Add Policy Group > Create to create a security policy for employee IP addresses.
(2) Read the pop-up window and choose whether to create a policy in the simulation space. In this example, select Create.
(3) On the Create Security Policy page, configure two security policies for employee IP addresses. Configure a security policy for the IP range first. Set a policy name for the IP range:
Click App、User、Effective Time to expand. In the App field, select the application that needs to be allowed. In this example, select Work-OA. Set Action Option to Permit and click Save.
(4) Click App、User、Effective Time to expand. In the App field, select the application that needs to be blocked, and click Save.

Repeat the preceding steps to configure a security policy for the boss IP address.

2. Configure security policies

1. Set a name for the security policy. In this example, the name is for boss.
2. In the Policy Group field, select Default Policy Group. You can select a custom policy group as required.
3. In the Priority field, select for all staff and Before to ensure this security policy for the boss IP address has a higher priority.
4. Select boss in the Src. Address field, and any in the Dest. Address field.
Note: The Src. Security Zone/Interface and Dest. Security Zone/Interface fields are optional. In this example, Trust and Untrust are selected.
5. Select any for other parameters, and set Action Option to Permit to allow traffic from the boss IP address to pass through. Click Save.

6 Verification

After the configuration is complete, two security policies will be displayed: one allows traffic from the boss’s IP addresses, while the other restricts employee access to the allowed application. The for boss policy has a higher priority.
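
The effect of the Priority setting (for boss placed Before for all staff) can be checked offline. The following Python model is an added example, not part of the original guide or of the firewall's software. It assumes top-down, first-match policy evaluation, a staff range of 192.168.1.0/24, a hypothetical catch-all deny rule for staff, and a constructed application name (Video).

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    name: str
    src: str      # single address or CIDR range
    app: str      # application name, or "any"
    action: str   # "permit" or "deny"

    def matches(self, ip: str, app: str) -> bool:
        in_src = ipaddress.ip_address(ip) in ipaddress.ip_network(self.src)
        return in_src and self.app in ("any", app)

def evaluate(policies, ip, app):
    """Assumed semantics: policies are checked top-down and the first match wins."""
    for p in policies:
        if p.matches(ip, app):
            return p.action, p.name
    return "deny", "implicit default"   # assumption: unmatched traffic is dropped

def shadowed(policies):
    """Names of policies that can never match because an earlier one covers them."""
    hidden = []
    for i, p in enumerate(policies):
        net = ipaddress.ip_network(p.src)
        for q in policies[:i]:
            if net.subnet_of(ipaddress.ip_network(q.src)) and q.app in ("any", p.app):
                hidden.append(p.name)
                break
    return hidden

# Objects from this guide; the staff range and the deny rule's name are assumptions.
BOSS = Policy("for boss", "192.168.1.2", "any", "permit")
STAFF_OA = Policy("for all staff", "192.168.1.0/24", "Work-OA", "permit")
STAFF_BLOCK = Policy("staff block (hypothetical)", "192.168.1.0/24", "any", "deny")

AS_CONFIGURED = [BOSS, STAFF_OA, STAFF_BLOCK]   # "for boss" placed Before "for all staff"
MISORDERED = [STAFF_OA, STAFF_BLOCK, BOSS]      # boss rule left at the bottom

if __name__ == "__main__":
    for label, table in (("as configured", AS_CONFIGURED), ("misordered", MISORDERED)):
        print(label, "shadowed:", shadowed(table))
        for ip, app in (("192.168.1.2", "Video"), ("192.168.1.50", "Work-OA"),
                        ("192.168.1.50", "Video")):   # "Video" is a constructed app name
            print(f"  {ip} -> {app}: {evaluate(table, ip, app)}")
```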
©2000-2023 Ruijie Networks Co,Ltd