下面的配置案例只是提供了基础配置的一个思路,具体其他的配置还需要看组网来增加；因为防火墙的具体类型还分很多种，如ASG只能在web界面操作，虽然一个是配置命令行，一个是web配置，但思路是一致，适用于所有的防火墙（下一代墙配置命令有所差异）

先根据上图对pc做好配置

交换机的配置如下

<Huawei>Sys

[Huawei] [Huawei]vlan batch 2 3

Info: This operation may take a few seconds. Please wait for a moment...done.

[Huawei]interface Vlanif 2

[Huawei-Vlanif2]ip address 192.168.1.1 24

[Huawei-Vlanif2]q

[Huawei]interface Vlanif 3

[Huawei-Vlanif3]ip address 192.168.2.1 24

[Huawei-Vlanif3]q

[Huawei]interface g0/0/1

[Huawei-GigabitEthernet0/0/1]port link-type access

[Huawei-GigabitEthernet0/0/1]port default vlan 3

[Huawei-GigabitEthernet0/0/1]q

[Huawei]interface g0/0/2

[Huawei-GigabitEthernet0/0/2]port link-type access

[Huawei-GigabitEthernet0/0/2]port default vlan 2

[Huawei-GigabitEthernet0/0/2]q

[Huawei]ip route-static 0.0.0.0 0.0.0.0 192.168.2.2        #配置默认静态路由
[Huawei]q

防火墙的配置如下：

[Huawei]interface GigabitEthernet0/0/0

[Huawei-GigabitEthernet0/0/0]ip address 192.168.2.2 255.255.255.0

[Huawei-GigabitEthernet0/0/0]q

[Huawei] firewall zone trust

[Huawei -zone-trust]a    

[Huawei -zone-trust]add interface g0/0/0  将g0/0/0口加入到trust域

[Huawei -zone-trust]q

[Huawei]firewall packet-filter default permit interzone local trust direction inbound 开启域间策略

Warning:Setting the default packet filtering to permit poses security risks. You

are advised to configure the security policy based on the actual data flows. Are

you sure you want to continue?[Y/N]y

[Huawei]firewall packet-filter default permit interzone local trust direction outbound开启域间策略  对于其他接口加入到其他域里，也需要开启对于的域间策略

[Huawei] ip route-static 192.168.1.0 255.255.255.0 192.168.2.1   配置到交换机的回程路由(静态路由)