No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - Security

AR500, AR510, and AR530 V200R007

This document describes the configurations of Security, including AAA, DAA,NAC, BRAS Access, ACL, Firewall, Deep Security Defense, Local Attack Defense;Attack Defense, Traffic Suppression, ARP Security, Port Security, DHCP Snooping, IPSG, URPF, PKI, SSL, HTTPS, Keychain, separating the management plane from the service plane, security risks.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Displaying the Firewall Configuration

Displaying the Firewall Configuration

Procedure

  • Run the display firewall zone [ zone-name ] [ interface | priority ] command to view the configurations of all zones or a specified zone.
  • Run the display firewall interzone [ zone-name1 zone-name2 ] command to view the configurations of an interzone.
  • Run the display firewall blacklist configuration command to view the status of the blacklist function.
  • Run the display firewall blacklist { all | ip-address [ vpn-instance vpn-instance-name ] | dynamic | static | vpn-instance vpn-instance-name } command to view the blacklist entries.
  • Run the display firewall whitelist { all | ip-address [ vpn-instance vpn-instance-name ] | vpn-instance vpn-instance-name } command to view the whitelist entries.
  • Run the display firewall statistics system [ normal all | defend ] command to view the system-level traffic statistics.
  • Run the display firewall statistics zone zone-name { inzone | outzone } all command to view the zone-level traffic statistics and traffic monitoring information.
  • Run the display firewall statistics zone-ip zone-name command to view the status of traffic monitoring function and session thresholds for each protocol.
  • Run the display firewall-nat session aging-time command to view the timeout of entries in the session table.
  • Run the display port-mapping [ dns | ftp | http | rtsp | sip | port port-number | pptp ] command to view the mappings between application-layer protocols and ports.
  • Run the display firewall defend { flag | { icmp-flood | syn-flood | udp-flood } [ ip [ ip-address [ vpn-instance vpn-instance-name ] ] | zone [ zone-name ] ] | other-attack-type } command to view the status and configuration of the attack defense functions.
  • Run the display firewall log configuration command to view the global configuration of the log function.
  • Run the display firewall session { all [ verbose ] | number } or display firewall session protocol { protocol-number | protocol-name } [ source source-address [ source-port ] ] [ destination destination-address [ destination-port ] ] [ verbose ] command to view the session table of the firewall.
  • Run the display firewall app { servermap | session } table statistics command to check statistics on firewall application entries.
Translation
Download
Updated: 2019-05-25

Document ID: EDOC1000097287

Views: 12172

Downloads: 38

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next