1)配置安全域
#接口加入该安全域中。
[DeviceA] security-zone name Trust
[DeviceA-security-zone- Trust] import interface gigabitethernet 1/0/0 #此处为管理口
[DeviceA-security-zone- Trust] quit2)配置对象策略及规则
# 放通Trust都Local区域所有地址。
[DeviceA] object-policy ip Trust-Local
[DeviceA-object-policy-ip- Trust-Local] rule pass
[DeviceA-object-policy-ip- Trust-Local] quit3)配置安全域间实例并应用对象策略
[DeviceA] zone-pair security sourceTrust destination Local
[DeviceA-zone-pair-security- Trust-Local] object-policy apply ip Trust-Local
[DeviceA-zone-pair-security- Trust-Local] quit