将内网中各个接口能够ping通自己的网关
1.划分vlan
[sw6]vlan batch 2 3
[sw6]int g0/0/2
[sw6-GigabitEthernet0/0/2]port link-type access
[sw6-GigabitEthernet0/0/2]port default vlan 2
[sw6-GigabitEthernet0/0/2]int g0/0/3
[sw6-GigabitEthernet0/0/3]port link-t access
[sw6-GigabitEthernet0/0/3]port default vlan 3
[sw6-GigabitEthernet0/0/3]int g0/0/1
[sw6-GigabitEthernet0/0/1]port trunk allow-pass vlan 2 3
[sw6-GigabitEthernet0/0/1]undo port trunk allow-pass vlan 1
防火墙配置
[USG6000V1]int g0/0/0
[USG6000V1-GigabitEthernet0/0/0] ip add 192.168.100.1 24
[USG6000V1-GigabitEthernet0/0/0]service-manage all permit
创建单臂路由
创建安全区域
查看路由表
测试
![[已解决]504 Gateway Time-out 网关超时](https://img-blog.csdnimg.cn/img_convert/24ef331c2c94f4485b15c1ada9052b24.png)
