No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


CLI-based Configuration Guide - Security

AR500, AR510, and AR530 V200R007

This document describes the configurations of Security, including AAA, DAA,NAC, BRAS Access, ACL, Firewall, Deep Security Defense, Local Attack Defense;Attack Defense, Traffic Suppression, ARP Security, Port Security, DHCP Snooping, IPSG, URPF, PKI, SSL, HTTPS, Keychain, separating the management plane from the service plane, security risks.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring Port Mapping

Configuring Port Mapping

Port mapping maps protocols to ports based on a basic ACL. Port mapping applies to the application-layer protocols such as FTP, DNS, HTTP, SIP, PPTP and RTSP.


Application-layer protocols use well-known ports for communication. Port mapping enables you to define new port numbers for application-layer protocols, which protect servers against service-specific attacks. Port mapping applies to service-sensitive features such as application specific packet filter (ASPF) and Network Address Translation (NAT).

Port mapping is implemented based on basic ACLs (2000 to 2999). The firewall matches destination IP addresses of packets with the IP addresses configured in basic ACL rules and performs port mapping only for the packets matching the ACL rules.


  1. Run:


    The system view is displayed.

  2. Run:

    port-mapping { dns | ftp | http | sip | rtsp | pptp } port port-number acl acl-number

    Port mapping is configured.

    You can map multiple ports to a protocol, or map a port to multiple protocols. The mappings, however, must be distinguished by ACLs. That is, packets matching different ACL rules use different mapping entries.


    Port mapping identifies the protocol type of the packets destined for an IP address (such as the IP address of a WWW server). Therefore, when configuring the basic ACL rules, match the destination IP addresses of the packets with the source IP addresses defined in ACL rules.

Checking the Configuration

  • Run the display port-mapping [ dns | ftp | http | rtsp | sip | port port-number | pptp ] command to check information about port mapping.
Updated: 2019-05-25

Document ID: EDOC1000097287

Views: 13535

Downloads: 40

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Previous Next