CLI-based Configuration Guide - Security

AR500, AR510, and AR530 V200R007

This document describes the configurations of Security, including AAA, DAA, NAC, BRAS Access, ACL, Firewall, Deep Security Defense, Local Attack Defense, Attack Defense, Traffic Suppression, ARP Security, Port Security, DHCP Snooping, IPSG, URPF, PKI, SSL, HTTPS, Keychain, separating the management plane from the service plane, and security risks.
Configuring Security Functions for a Virtual Firewall

Context

The procedure for configuring security functions on a virtual firewall is similar to the procedure for configuring security functions on a firewall. You must configure security functions on each virtual firewall independently to meet different service requirements. You can configure the following security functions:
  • Packet filtering firewall
  • ASPF
  • Port mapping
  • Aging time of the firewall session table
  • Attack defense

Procedure

  • Configuring a blacklist on the virtual firewall
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      firewall blacklist enable

      The blacklist function is enabled.

    3. Run:

      firewall blacklist ip-address [ vpn-instance vpn-instance-name ] [ expire-time minutes ]

      An entry is added to the blacklist.

  • Configuring a whitelist on the virtual firewall
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      firewall whitelist ip-address [ vpn-instance vpn-instance-name ] [ expire-time minutes ]

      An entry is added to the whitelist.

  • Configuring defense against ICMP Flood attacks
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      firewall defend icmp-flood enable

      The ICMP Flood attack defense function is enabled.

    3. Run:

      firewall defend icmp-flood { ip ip-address [ vpn-instance vpn-instance-name ] | zone zone-name } [ max-rate rate-value ]

      The parameters of ICMP Flood attack defense are set.

  • Configuring defense against SYN Flood attacks
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      firewall defend syn-flood enable

      The SYN Flood attack defense function is enabled.

    3. Run:

      firewall defend syn-flood { ip ip-address [ vpn-instance vpn-instance-name ] | zone zone-name } [ max-rate rate-value ] [ tcp-proxy { auto | off | on } ]

      The parameters of SYN Flood attack defense are set.

  • Configuring defense against UDP Flood attacks
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      firewall defend udp-flood enable

      The UDP Flood attack defense function is enabled.

    3. Run:

      firewall defend udp-flood { ip ip-address [ vpn-instance vpn-instance-name ] | zone zone-name } [ max-rate rate-value ]

      The parameters of UDP Flood attack defense are set.
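
As an added illustration (not Huawei's code), the Python sketch below renders the commands from this procedure for several virtual firewalls at once and rejects option combinations the syntax above does not allow. It assumes each virtual firewall is addressed by its vpn-instance name and that addresses are IPv4; the instance names, addresses and numeric values are constructed, and value ranges are not checked because the page does not state them.

```python
import ipaddress

FLOODS = ("icmp-flood", "syn-flood", "udp-flood")

def _ip(ip, vpn):
    ipaddress.IPv4Address(ip)  # raises ValueError on a malformed address (IPv4 assumed)
    return ip + (f" vpn-instance {vpn}" if vpn else "")

def list_entry(kind, ip, vpn=None, expire=None):
    # firewall blacklist|whitelist ip-address [ vpn-instance name ] [ expire-time minutes ]
    if kind not in ("blacklist", "whitelist"):
        raise ValueError(f"unknown list: {kind}")
    return f"firewall {kind} {_ip(ip, vpn)}" + (f" expire-time {expire}" if expire is not None else "")

def flood_defense(kind, ip=None, vpn=None, zone=None, max_rate=None, tcp_proxy=None):
    # firewall defend <kind> { ip addr [ vpn-instance name ] | zone name } [ max-rate n ] [ tcp-proxy mode ]
    if kind not in FLOODS:
        raise ValueError(f"unknown flood type: {kind}")
    if (ip is None) == (zone is None) or (zone and vpn):
        raise ValueError("give exactly one of ip or zone; vpn-instance goes with ip only")
    if tcp_proxy is not None and (kind != "syn-flood" or tcp_proxy not in ("auto", "off", "on")):
        raise ValueError("tcp-proxy { auto | off | on } applies to syn-flood only")
    cmd = f"firewall defend {kind} " + (f"zone {zone}" if zone else f"ip {_ip(ip, vpn)}")
    if max_rate is not None:
        cmd += f" max-rate {max_rate}"
    if tcp_proxy is not None:
        cmd += f" tcp-proxy {tcp_proxy}"
    return cmd

def render(policies):
    """policies: vpn-instance name of each virtual firewall -> its own settings."""
    rules = [(vpn, r) for vpn, p in policies.items() for r in p.get("defend", [])]
    lines = ["system-view"]
    if any(p.get("blacklist") for p in policies.values()):
        lines.append("firewall blacklist enable")  # the whitelist has no enable step
    lines += [f"firewall defend {k} enable" for k in FLOODS if any(r["kind"] == k for _, r in rules)]
    for vpn, p in policies.items():
        for kind in ("blacklist", "whitelist"):
            lines += [list_entry(kind, vpn=vpn, **e) for e in p.get(kind, [])]
    lines += [flood_defense(**r, vpn=None if r.get("zone") else vpn) for vpn, r in rules]
    return lines

# Constructed sample: two virtual firewalls with different service requirements.
SAMPLE = {
    "vfw-a": {"blacklist": [{"ip": "192.0.2.10", "expire": 30}],
              "defend": [{"kind": "syn-flood", "ip": "198.51.100.5", "max_rate": 500, "tcp_proxy": "auto"}]},
    "vfw-b": {"whitelist": [{"ip": "203.0.113.7"}],
              "defend": [{"kind": "udp-flood", "ip": "203.0.113.20"}]},
}
```

Calling `render(SAMPLE)` returns the command lines in the order the procedure gives them: the enable commands first, then the per-instance entries.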

Updated: 2019-05-25

Document ID: EDOC1000097287
