HUAWEI Firewall Comprehensive Configuration Examples

This document describes the application scenarios and configuration methods in typical projects of the firewall.
Verification

  1. When teachers and users with a monthly package of 50 Yuan access the extranet, traffic destined for the education network is forwarded through GE1/0/1, traffic destined for the ISP1 network is forwarded through GE1/0/2, GE1/0/3, or GE1/0/4, and traffic destined for the ISP2 network is forwarded through GE1/0/5 or GE1/0/6.

  2. Traffic of the distance education system is forwarded over the link to the education network or the ISP2 link, P2P traffic is forwarded over the ISP1 link, and the traffic of users with a monthly package of 20 Yuan and of users who access network resources from the library is forwarded over the link to the education network.

  3. Check the configuration and update of the IPS signature database.

    # Run the display update configuration command to check the update information of the IPS signature database.

    [sysname] display update configuration
    Update Configuration Information:                                               
    ------------------------------------------------------------                    
      Update Server               : sec.huawei.com                                  
      Update Port                 : 80                                              
      Proxy State                 : disable                                         
      Proxy Server                : -                                               
      Proxy Port                  : -                                               
      Proxy User                  : -                                               
      Proxy Password              : -                                               
      IPS-SDB:                                                                      
        Application Confirmation  : Disable                                         
        Schedule Update           : Enable                                          
        Schedule Update Frequency : Daily                                           
        Schedule Update Time      : 02:30                                           
      AV-SDB:                
        Application Confirmation  : Disable                                         
        Schedule Update           : Enable                                          
        Schedule Update Frequency : Daily                                           
        Schedule Update Time      : 02:30                                           
      SA-SDB:                                                                       
        Application Confirmation  : Disable                                         
        Schedule Update           : Enable                                          
        Schedule Update Frequency : Daily                                           
        Schedule Update Time      : 02:30                                           
      IP-REPUTATION:                                                            
        Application Confirmation  : Disable                                         
        Schedule Update           : Enable                                          
        Schedule Update Frequency : Daily                                           
        Schedule Update Time      : 02:30                                           
      CNC:                                                                          
        Application Confirmation  : Disable                                         
        Schedule Update           : Enable                                          
        Schedule Update Frequency : Daily                                           
        Schedule Update Time      : 02:30                                           
    ------------------------------------------------------------                    

    # Run the display version ips-sdb command to check the configuration of the IPS signature database.

    [sysname] display version ips-sdb
    IPS SDB Update Information List:                                                
    ----------------------------------------------------------------                
      Current Version:                                                              
        Signature Database Version    : 2015041503                                  
        Signature Database Size(byte) : 2659606                                     
        Update Time                   : 12:02:10 2015/05/27                         
        Issue Time of the Update File : 16:06:30 2015/04/15                         
                                                                                    
      Backup Version:                                                               
        Signature Database Version    :                                             
        Signature Database Size(byte) : 0                                           
        Update Time                   : 00:00:00 0000/00/00                         
        Issue Time of the Update File : 00:00:00 0000/00/00                         
    ----------------------------------------------------------------                
    IPS Engine Information List:                                                    
    ----------------------------------------------------------------                
      Current Version:                                                              
        IPS Engine Version            : V200R002C00SPC060                           
        IPS Engine Size(byte)         : 3145728                                     
        Update Time                   : 12:02:10 2015/05/27                         
        Issue Time of the Update File : 10:51:45 2015/05/20                         
                                                                                    
      Backup Version:                                                               
        IPS Engine Version            :                                             
        IPS Engine Size(byte)         : 0                                           
        Update Time                   : 00:00:00 0000/00/00                         
        Issue Time of the Update File : 00:00:00 0000/00/00                         
    ----------------------------------------------------------------                
    
  4. Run the display firewall server-map command to check server-map entries generated by server load balancing.

    [sysname] display  firewall server-map slb
     Current Total Server-map : 3                                                   
     Type: SLB,  ANY -> 3.3.113.113[grp1/1],  Zone:---,  protocol:---               
     Vpn: public -> public                                                          
     Type: SLB,  ANY -> 2.2.112.112[grp1/1],  Zone:---,  protocol:---               
     Vpn: public -> public                                                          
     Type: SLB,  ANY -> 1.1.111.111[grp1/1],  Zone:---,  protocol:---               
     Vpn: public -> public                                                          
    
  5. Run the display firewall server-map command to check server-map entries generated by the NAT server function.

    [sysname] display  firewall server-map nat-server
     Current Total Server-map : 12
     Type: Nat Server,  ANY -> 1.1.15.15[10.1.10.20],  Zone: edu_zone ,  protocol:---
     Vpn: public -> public

     Type: Nat Server,  ANY -> 2.2.15.15[10.1.10.20],  Zone: isp1_zone ,  protocol:---
     Vpn: public -> public

     Type: Nat Server,  ANY -> 2.2.16.16[10.1.10.20],  Zone: isp1_zone ,  protocol:---
     Vpn: public -> public

     Type: Nat Server,  ANY -> 2.2.17.17[10.1.10.20],  Zone: isp1_zone ,  protocol:---
     Vpn: public -> public

     Type: Nat Server,  ANY -> 3.3.15.15[10.1.10.20],  Zone: isp2_zone ,  protocol:---
     Vpn: public -> public

     Type: Nat Server,  ANY -> 3.3.16.16[10.1.10.20],  Zone: isp2_zone ,  protocol:---
     Vpn: public -> public

     Type: Nat Server,  ANY -> 1.1.101.101[10.1.10.30],  Zone: edu_zone ,  protocol:---
     Vpn: public -> public

     Type: Nat Server,  ANY -> 2.2.102.102[10.1.10.30],  Zone: isp1_zone ,  protocol:---
     Vpn: public -> public

     Type: Nat Server,  ANY -> 2.2.103.103[10.1.10.30],  Zone: isp1_zone ,  protocol:---
     Vpn: public -> public

     Type: Nat Server,  ANY -> 2.2.104.104[10.1.10.30],  Zone: isp1_zone ,  protocol:---
     Vpn: public -> public

     Type: Nat Server,  ANY -> 3.3.102.102[10.1.10.30],  Zone: isp2_zone ,  protocol:---
     Vpn: public -> public

     Type: Nat Server,  ANY -> 3.3.103.103[10.1.10.30],  Zone: isp2_zone ,  protocol:---
     Vpn: public -> public

     Type: Nat Server Reverse,  10.1.10.20[3.3.16.16] -> ANY,  Zone: isp2_zone ,  protocol:---
     Vpn: public -> public,  counter: 1

     Type: Nat Server Reverse,  10.1.10.20[3.3.15.15] -> ANY,  Zone: isp2_zone ,  protocol:---
     Vpn: public -> public,  counter: 1

     Type: Nat Server Reverse,  10.1.10.20[2.2.17.17] -> ANY,  Zone: isp1_zone ,  protocol:---
     Vpn: public -> public,  counter: 1

     Type: Nat Server Reverse,  10.1.10.20[2.2.16.16] -> ANY,  Zone: isp1_zone ,  protocol:---
     Vpn: public -> public,  counter: 1

     Type: Nat Server Reverse,  10.1.10.20[2.2.15.15] -> ANY,  Zone: isp1_zone ,  protocol:---
     Vpn: public -> public,  counter: 1

     Type: Nat Server Reverse,  10.1.10.20[1.1.15.15] -> ANY,  Zone: edu_zone ,  protocol:---
     Vpn: public -> public,  counter: 1

     Type: Nat Server Reverse,  10.1.10.30[3.3.103.103] -> ANY,  Zone: isp2_zone ,  protocol:---
     Vpn: public -> public,  counter: 1

     Type: Nat Server Reverse,  10.1.10.30[3.3.102.102] -> ANY,  Zone: isp2_zone ,  protocol:---
     Vpn: public -> public,  counter: 1

     Type: Nat Server Reverse,  10.1.10.30[2.2.104.104] -> ANY,  Zone: isp1_zone ,  protocol:---
     Vpn: public -> public,  counter: 1

     Type: Nat Server Reverse,  10.1.10.30[2.2.103.103] -> ANY,  Zone: isp1_zone ,  protocol:---
     Vpn: public -> public,  counter: 1

     Type: Nat Server Reverse,  10.1.10.30[2.2.102.102] -> ANY,  Zone: isp1_zone ,  protocol:---
     Vpn: public -> public,  counter: 1

     Type: Nat Server Reverse,  10.1.10.30[1.1.101.101] -> ANY,  Zone: edu_zone ,  protocol:---
     Vpn: public -> public,  counter: 1
    
  6. Check session logs on the eSight.
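
The server-map check in step 5 can be scripted once the command output has been saved as text. The Python script below is an added example, not part of the Huawei document: it rejoins lines that the terminal wrapped at 80 columns and confirms that every Nat Server entry has a matching Nat Server Reverse entry for the same global address, inside address and zone. The sample text and the names `unwrap` and `audit` are constructed for illustration.

```python
import re

# Constructed sample modelled on the `display firewall server-map nat-server`
# output above, keeping the 80-column wrapping. The reverse entry for
# 2.2.15.15 is deliberately omitted so the check has something to report.
SAMPLE = """\
 Current Total Server-map : 3
 Type: Nat Server,  ANY -> 1.1.15.15[10.1.10.20],  Zone: edu_zone ,  protocol:--
-
 Vpn: public -> public
 Type: Nat Server,  ANY -> 2.2.15.15[10.1.10.20],  Zone: isp1_zone ,  protocol:-
--
 Vpn: public -> public
 Type: Nat Server Reverse,  10.1.10.20[1.1.15.15] -> ANY,  Zone: edu_zone ,  pro
tocol:---
 Vpn: public -> public,  counter: 1
"""

STARTS = ("Type:", "Vpn:", "Current Total")  # prefixes that begin a real line
FWD = re.compile(r"Type: Nat Server,\s+ANY -> (\S+?)\[(\S+?)\],\s+Zone:\s*(\S+)")
REV = re.compile(r"Type: Nat Server Reverse,\s+(\S+?)\[(\S+?)\] -> ANY,\s+Zone:\s*(\S+)")

def unwrap(text):
    """Rejoin lines the terminal broke at column 80."""
    out = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if out and not line.startswith(STARTS):
            out[-1] += line  # continuation of the previous line
        else:
            out.append(line)
    return out

def audit(text):
    """Return (forward, reverse, unpaired) sets of (global, inside, zone)."""
    fwd, rev = set(), set()
    for line in unwrap(text):
        if m := FWD.search(line):
            fwd.add(m.groups())
        elif m := REV.search(line):
            inside, glob, zone = m.groups()
            rev.add((glob, inside, zone))  # same field order as forward
    return fwd, rev, fwd ^ rev

if __name__ == "__main__":
    fwd, rev, unpaired = audit(SAMPLE)
    print(f"{len(fwd)} forward, {len(rev)} reverse, unpaired: {sorted(unpaired)}")
```

Run against the full output shown in step 5, the unpaired set should be empty, since each of the 12 Nat Server mappings appears with its Reverse counterpart.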

Updated: 2019-01-26

Document ID: EDOC1100062972
