Networks NetScreen device as an example; the specific configuration is as follows:
I. Interface configuration
set interface ethernet1 zone trust
set interface ethernet1 ip 10.1.1.1/24
set interface ethernet1 manage
set interface ethernet3 zone untrust
set interface ethernet3 ip 1.1.1.1/24
set interface ethernet2 zone dmz
set interface ethernet2 ip 2.1.1.1/24
II. IP address settings
set address dmz websrv1 1.2.2.5/32
set address dmz websrv2 1.2.2.6/32
III. Route settings
set vrouter trust-vr route 0.0.0.0/0 interface ethernet3 gateway 1.1.1.250
IV. Policy settings
1. Policy 1 settings
set policy id 1 from untrust to dmz any websrv1 http permit attack CRITICAL:HTTP:ANOM action close-server
set policy id 1
ns(policy:1)-> set dst-address websrv2
ns(policy:1)-> set service ftp-get
ns(policy:1)-> set service https
ns(policy:1)-> set service ping
ns(policy:1)-> set attack CRITICAL:HTTP:SIGS action close-server
ns(policy:1)-> set attack HIGH:HTTP:ANOM action close-server
ns(policy:1)-> set attack HIGH:HTTP:SIGS action close-server
ns(policy:1)-> set attack MEDIUM:HTTP:ANOM action close-server
ns(policy:1)-> set attack MEDIUM:HTTP:SIGS action close-server
ns(policy:1)-> set attack CRITICAL:FTP:SIGS action close-server
2. Policy 2 settings
set policy id 2 from trust to dmz any websrv1 http permit attack CRITICAL:HTTP:ANOM action close
set policy id 2
ns(policy:2)-> set dst-address websrv2
ns(policy:2)-> set service ftp
ns(policy:2)-> set service https
ns(policy:2)-> set service ping
ns(policy:2)-> set attack CRITICAL:HTTP:SIGS action close
ns(policy:2)-> set attack HIGH:HTTP:ANOM action close
ns(policy:2)-> set attack HIGH:HTTP:SIGS action close
ns(policy:2)-> set attack MEDIUM:HTTP:ANOM action close
ns(policy:2)-> set attack MEDIUM:HTTP:SIGS action close
ns(policy:2)-> set attack CRITICAL:FTP:SIGS action close
3. Policy 3 settings
set policy id 3 from trust to untrust any any http permit attack CRITICAL:HTTP:ANOM action close-client
set policy id 3
ns(policy:3)-> set service ftp-get
ns(policy:3)-> set service https
ns(policy:3)-> set service ping
ns(policy:3)-> set attack CRITICAL:HTTP:SIGS action close-client
ns(policy:3)-> set attack HIGH:HTTP:ANOM action close-client
ns(policy:3)-> set attack HIGH:HTTP:SIGS action close-client
ns(policy:3)-> set attack MEDIUM:HTTP:ANOM action close-client
ns(policy:3)-> set attack MEDIUM:HTTP:SIGS action close-client
ns(policy:3)-> set attack CRITICAL:FTP:SIGS action close-client
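As an added example (not part of the original walkthrough), a small Python audit that parses a ScreenOS listing in the shape shown above and reports, per policy, which of the attack groups used here were never attached and whether one policy mixes different actions (such as close-server and close-client). The SAMPLE text is constructed from policies 1 and 3 above, with HIGH:HTTP:SIGS in policy 1 deliberately changed to close-client so the mixed-action check fires; the regexes and the REQUIRED baseline are assumptions made for this example.

```python
import re

# Constructed sample in the shape of the listing above (policy 1 and
# policy 3, trimmed).  HIGH:HTTP:SIGS in policy 1 is deliberately set to
# close-client so that the mixed-action check has something to report.
SAMPLE = """\
set policy id 1 from untrust to dmz any websrv1 http permit attack CRITICAL:HTTP:ANOM action close-server
set policy id 1
ns(policy:1)-> set dst-address websrv2
ns(policy:1)-> set service ftp-get
ns(policy:1)-> set attack CRITICAL:HTTP:SIGS action close-server
ns(policy:1)-> set attack HIGH:HTTP:ANOM action close-server
ns(policy:1)-> set attack HIGH:HTTP:SIGS action close-client
set policy id 3 from trust to untrust any any http permit attack CRITICAL:HTTP:ANOM action close-client
set policy id 3
ns(policy:3)-> set attack CRITICAL:HTTP:SIGS action close-client
"""

# Baseline: the attack groups every deep-inspection policy in the
# walkthrough attaches (assumption: each policy is expected to meet it).
REQUIRED = {f"{sev}:HTTP:{kind}" for sev in ("CRITICAL", "HIGH", "MEDIUM")
            for kind in ("ANOM", "SIGS")} | {"CRITICAL:FTP:SIGS"}

# Two line shapes carry attack groups: the top-level "set policy id N ..."
# line and the "ns(policy:N)-> set attack ..." lines entered in policy context.
TOP = re.compile(r"^set policy id (\d+) from \S+ to \S+ .*?attack (\S+) action (\S+)$")
CTX = re.compile(r"^ns\(policy:(\d+)\)-> set attack (\S+) action (\S+)$")

def parse_attacks(text):
    """Return {policy_id: {attack_group: action}} from a config listing."""
    policies = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = TOP.match(line) or CTX.match(line)
        if m:
            pid, group, action = int(m.group(1)), m.group(2), m.group(3)
            policies.setdefault(pid, {})[group] = action
    return policies

def missing_groups(policies, pid, required=REQUIRED):
    """Attack groups from the baseline that policy `pid` never attaches."""
    return sorted(required - set(policies.get(pid, {})))

def mixed_actions(policies, pid):
    """True when one policy mixes actions (e.g. close-server and close-client)."""
    return len(set(policies.get(pid, {}).values())) > 1
```

Running the two checks over parse_attacks(SAMPLE) reports three missing groups plus a mixed action for policy 1, and five missing groups for policy 3; a policy id that does not appear at all reports the whole baseline as missing.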
As the saying goes: "No technology in the world can truly guarantee absolute security." Security is a comprehensive matter, spanning from devices to people and from every service program on a server to security products such as firewalls; any single link is only one small step toward security. A firewall is one part of an overall security defense strategy, and a firewall alone is not enough. A security policy must also include comprehensive security guidelines, that is, policies covering network access, local and remote user authentication, dial-out and dial-in calls, disk and data encryption, and virus protection.