Recently encountered a number of customer requests to solve similar problems, now give an example to illustrate.
After finishing the summary customer request has 3 points:
1.1 Paragraph of the IP can not access 2 paragraph of the same 2 paragraph can not access 1 paragraphs.
2. of which 1.208 and 2.208 are servers that can be exchanged between the 2 units.
3. The last 2 paragraphs will have access to 1 paragraphs of 2 printers 1.44 and 1.45.
In behavior management-access control, first of all, do 2 blocked access rules, as shown in Figure 1:
Figure 2
This prohibits 1 paragraphs and 2 paragraphs of the exchange of visits required to be achieved. (Note that the execution order number is larger.)
The second requires mutual visits between 192.168.1.208 and 192.168.2.208, as shown in Figure 1
Figure 2
Note that these 2 execution orders are smaller than the execution order of the first requirement, representing the first requirement rule execution.
The third required 2-segment IP to access 1 segment of 2 printers. As shown in Figure 1
Figure 2
This order of execution is 1, which represents the highest priority execution. By adding the above rules, the customer's requirements are all up to