CloudEC V600R019C00 Security Maintenance (Enterprise On-premises, Only Conference)

Firewall Security Maintenance

If firewalls are deployed on the network, you must check them periodically. Quidway Eudemon 1000E series firewalls are recommended.

Checking Firewall Statuses

Firewall status information can be collected in all views. If invalid firewall information is detected, handle it promptly.

You must check the following information:

  • Firewall version
  • Firewall clock
  • End user
  • Initial configuration
  • Configuration of the current view
  • Current configuration
  • Debug switch status
  • Technical support information
  • Equipment serial number (ESN)

Checking Security Zone Configurations

If firewalls are deployed between internal networks and external networks, you must check security zone configurations and inter-security zone configurations.

NOTE:

You can create security zones on firewalls to provide different levels of security protection for users in different security zones.

Checking the Default Packet Filter Rules

Check the default packet filter rules to identify which data packets are permitted and which must be denied. If incorrect packet filter rules are detected, handle them promptly.

Checking the NAT Configuration

If network address translation (NAT) traversal is implemented on the network, check the NAT configuration and the current firewall configuration. If an incorrect NAT configuration is detected, modify it promptly. Perform the operations by referring to the related firewall documents.

Checking VLAN/IP Information

A local area network (LAN) can be logically divided into multiple virtual local area networks (VLANs). Hosts on the same VLAN can communicate with each other, and hosts on different VLANs cannot communicate with each other. That is, broadcast packets are sent only between hosts on the same VLAN, which improves network security.

Check VLAN statuses, VLAN configurations, and related IP addresses. If abnormal information is detected, handle it promptly.

NOTE:

If the network outside the firewall has low trustworthiness, enable TCP, UDP, IP, and ICMP attack defense policies to prevent possible half-open and malformed TCP connections targeting CloudEC on-premises conference-only solution servers or other hosts inside the firewall.
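
The default packet filter check and the attack defense note above can be run offline against a saved copy of the firewall configuration. The following script is an added example, not part of the original document or any Huawei tool. The command syntax it matches (firewall packet-filter default ... and firewall defend ... enable), the zone name untrust, and the protocol-to-keyword mapping are assumptions that must be confirmed against the command reference for your firewall version.

```python
import re

# Assumed command syntax (not shown in this document); adjust to your firmware.
DEFAULT_RULE = re.compile(
    r"^\s*firewall packet-filter default (permit|deny) "
    r"interzone (\S+) (\S+)(?: direction (inbound|outbound))?\s*$")
DEFEND = re.compile(r"^\s*firewall defend (\S+) enable\s*$")

# Assumed mapping: one defense keyword per protocol named in the NOTE.
REQUIRED_DEFENSES = {"TCP": "syn-flood", "UDP": "udp-flood",
                     "IP": "ip-fragment", "ICMP": "icmp-flood"}

def audit(config_text, untrusted=("untrust",)):
    """Return (severity, line_number, text) findings for a saved configuration."""
    findings, enabled = [], set()
    for n, line in enumerate(config_text.splitlines(), 1):
        rule = DEFAULT_RULE.match(line)
        if rule and rule.group(1) == "permit":
            zones = {rule.group(2), rule.group(3)}
            # A default permit touching an untrusted zone is the worst case.
            sev = "HIGH" if zones & set(untrusted) else "REVIEW"
            findings.append((sev, n, line.strip()))
        defend = DEFEND.match(line)
        if defend:
            enabled.add(defend.group(1))
    for proto, keyword in REQUIRED_DEFENSES.items():
        if keyword not in enabled:
            # Line number 0 marks a finding about an absent line.
            findings.append(("MISSING", 0, f"{proto} attack defense ({keyword})"))
    return findings

# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
sysname FW-A
firewall packet-filter default permit interzone local trust direction inbound
firewall packet-filter default permit interzone trust untrust direction inbound
firewall packet-filter default deny interzone dmz untrust direction inbound
firewall defend syn-flood enable
firewall defend icmp-flood enable
"""

if __name__ == "__main__":
    for sev, lineno, text in audit(SAMPLE):
        print(f"{sev:8} line {lineno:3}: {text}")
```

Findings marked REVIEW are default permits between zones not listed as untrusted. They still need to be compared with the intended inter-zone policy.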

Updated: 2019-08-07

Document ID: EDOC1100059091