
HUAWEI Firewall Comprehensive Configuration Examples

This document describes application scenarios and configuration methods for the firewall in typical projects.
Configuration Scripts

Configuration Scripts

FW-3 (first script below), FW-4 (second script below)
#
# Hot standby (HRP): GigabitEthernet 1/0/3 is the heartbeat interface and
# 10.10.10.2 is the peer unit's address on that link.
 hrp enable
 hrp interface GigabitEthernet 1/0/3 remote 10.10.10.2
#
# Turns off the session link-state check, so a session can be created from a
# packet that is not the first packet of a flow (e.g. a TCP segment without SYN).
# NOTE(review): presumably needed because this unit sees only part of each flow
# in this deployment - confirm. Where both directions of a flow cross the
# firewall, keep the check enabled.
 undo firewall session link-state check
#
# Trust-zone link to the core switch, 10.4.1.2/29. VRRP group 1 shares virtual
# IP 10.4.1.1 and this unit is configured as the active member.
interface GigabitEthernet 1/0/1
 description SACG1_To_Coreswitch1_GE1/1/0/3
 ip address 10.4.1.2 255.255.255.248
 vrrp vrid 1 virtual-ip 10.4.1.1 active
 link-group 1
#
# Untrust-zone link to the core switch, 10.5.1.2/29. VRRP group 2 shares virtual
# IP 10.5.1.1, active on this unit. Both service interfaces are in link-group 1.
# NOTE(review): link-group presumably ties the two interface states together so
# that a failure on one side fails over both VRRP groups - confirm.
interface GigabitEthernet 1/0/2
 description SACG1_To_Coreswitch1_GE1/1/0/4
 ip address 10.5.1.2 255.255.255.248
 vrrp vrid 2 virtual-ip 10.5.1.1 active
 link-group 1
#
# HRP heartbeat interface (referenced by the "hrp interface" command).
# NOTE(review): the heartbeat subnet is a /24 although this script uses only two
# addresses on it; confirm that nothing else is attached to 10.10.10.0/24, since
# hot-standby traffic between the two units crosses this link.
interface GigabitEthernet 1/0/3
 description hrp_interface
 ip address 10.10.10.1 255.255.255.0
#
# Zone membership: GigabitEthernet 1/0/1 -> trust.
firewall zone trust
 add interface GigabitEthernet 1/0/1
#
# GigabitEthernet 1/0/2 -> untrust.
firewall zone untrust
 add interface GigabitEthernet 1/0/2
#
# The HRP heartbeat interface is placed in dmz.
firewall zone dmz
 add interface GigabitEthernet 1/0/3
#
# Applies the right-manager packet filter to inbound traffic between trust and
# untrust. NOTE(review): "inbound" is presumably untrust -> trust (lower- to
# higher-priority zone) - confirm. The only ACL named in this script is
# "default acl 3099" under right-manager server-group; its rules are not shown.
firewall interzone trust untrust
 apply packet-filter right-manager inbound
#
# Default route via 10.4.1.4, which lies in the GigabitEthernet 1/0/1 subnet
# (10.4.1.0/29), i.e. on the trust side.
ip route-static 0.0.0.0 0.0.0.0 10.4.1.4
#
# Session aging time of 40000 for service-set tcp_1414.
# NOTE(review): the unit is presumably seconds (about 11 hours) - confirm.
# The service-set tcp_1414 is not defined in this script. Idle sessions held
# this long occupy session-table entries, so keep the override scoped to this
# one service rather than raising the global TCP aging time.
 firewall session aging-time service-set tcp_1414 40000
#
# SACG linkage with two controller servers (192.168.1.2 and 192.168.1.3, port 3288).
# - default acl 3099: ACL 3099 is not defined in this script. NOTE(review):
#   presumably managed by the right-manager feature - confirm what it permits
#   for hosts that have not yet authenticated.
# - shared-key: the values are shown as stored strings and the two use different
#   delimiters, so the second may be garbled on this page. Treat both as
#   examples: set a unique key per deployment and restrict access to saved
#   configurations that contain it.
# - local ip 10.4.1.2 is this unit's GigabitEthernet 1/0/1 address.
# - authentication url: both URLs are plain http://. NOTE(review): if user
#   credentials or tokens cross these URLs they are readable on the path; use
#   an HTTPS endpoint if the controller offers one.
# - status-detect: NOTE(review): confirm what enforcement applies when neither
#   server responds (fail-open versus fail-closed) before relying on it.
right-manager server-group
 default acl 3099
 server ip 192.168.1.2 port 3288 shared-key %$%$FxDAFSd(Y*Ku3%4+"%$%$
 server ip 192.168.1.3 port 3288 shared-key %ef<f%7FxDAFSd(Y*Ku3%><dfe%&%$
 integrity-check enable
 right-manager server-group enable
 right-manager status-detect enable
 local ip 10.4.1.2
 right-manager authentication url http://192.168.1.2:8084/auth
 right-manager authentication url http://192.168.1.3:8084/auth
#
# Two permit rules, both matched on zones only (no address or service conditions):
# - sc_to_sacg: source zones trust and local, destination zones local and trust.
# - sacg_to_client: source zone local, destination zone untrust.
# As written, any host in trust can reach the firewall itself (local zone) on
# any service. NOTE(review): the rule names suggest controller <-> firewall and
# firewall -> client traffic; restricting sc_to_sacg to the controller addresses
# (192.168.1.2, 192.168.1.3) and the ports in use, and sacg_to_client to the
# client ranges, would limit exposure of the local zone to what the linkage needs.
security-policy
 rule name sc_to_sacg
  source-zone trust
  source-zone local
  destination-zone local
  destination-zone trust
  action permit
 rule name sacg_to_client
  source-zone local
  destination-zone untrust
  action permit
#
# Hot standby (HRP) on the second unit: GigabitEthernet 1/0/3 is the heartbeat
# interface and 10.10.10.1 is the peer unit's address on that link.
 hrp enable
 hrp interface GigabitEthernet 1/0/3 remote 10.10.10.1
#
# Turns off the session link-state check, so a session can be created from a
# packet that is not the first packet of a flow (e.g. a TCP segment without SYN).
# NOTE(review): presumably needed because this unit sees only part of each flow
# in this deployment - confirm. Where both directions of a flow cross the
# firewall, keep the check enabled.
 undo firewall session link-state check
#
# Trust-zone link to the core switch, 10.4.1.3/29. VRRP group 1 shares virtual
# IP 10.4.1.1 and this unit is configured as the standby member.
interface GigabitEthernet 1/0/1
 description SACG2_To_Coreswitch2_GE2/1/0/3
 ip address 10.4.1.3 255.255.255.248
 vrrp vrid 1 virtual-ip 10.4.1.1 standby
 link-group 1
#
# Untrust-zone link to the core switch, 10.5.1.3/29. VRRP group 2 shares virtual
# IP 10.5.1.1, standby on this unit. Both service interfaces are in link-group 1.
# NOTE(review): link-group presumably ties the two interface states together so
# that a failure on one side affects both VRRP groups - confirm.
interface GigabitEthernet 1/0/2
 description SACG2_To_Coreswitch2_GE2/1/0/4
 ip address 10.5.1.3 255.255.255.248
 vrrp vrid 2 virtual-ip 10.5.1.1 standby
 link-group 1
#
# HRP heartbeat interface (referenced by the "hrp interface" command).
# NOTE(review): the heartbeat subnet is a /24 although this script uses only two
# addresses on it; confirm that nothing else is attached to 10.10.10.0/24, since
# hot-standby traffic between the two units crosses this link.
interface GigabitEthernet 1/0/3
 description hrp_interface
 ip address 10.10.10.2 255.255.255.0
#
# Zone membership: GigabitEthernet 1/0/1 -> trust.
firewall zone trust
 add interface GigabitEthernet 1/0/1
#
# GigabitEthernet 1/0/2 -> untrust.
firewall zone untrust
 add interface GigabitEthernet 1/0/2
#
# The HRP heartbeat interface is placed in dmz.
firewall zone dmz
 add interface GigabitEthernet 1/0/3
#
# Applies the right-manager packet filter to inbound traffic between trust and
# untrust. NOTE(review): "inbound" is presumably untrust -> trust (lower- to
# higher-priority zone) - confirm. The only ACL named in this script is
# "default acl 3099" under right-manager server-group; its rules are not shown.
firewall interzone trust untrust
 apply packet-filter right-manager inbound
#
# Default route via 10.4.1.4, which lies in the GigabitEthernet 1/0/1 subnet
# (10.4.1.0/29), i.e. on the trust side.
ip route-static 0.0.0.0 0.0.0.0 10.4.1.4
#
# Session aging time of 40000 for service-set tcp_1414.
# NOTE(review): the unit is presumably seconds (about 11 hours) - confirm.
# The service-set tcp_1414 is not defined in this script. Idle sessions held
# this long occupy session-table entries, so keep the override scoped to this
# one service rather than raising the global TCP aging time.
 firewall session aging-time service-set tcp_1414 40000
#
# SACG linkage with two controller servers (192.168.1.2 and 192.168.1.3, port 3288).
# - default acl 3099: ACL 3099 is not defined in this script. NOTE(review):
#   presumably managed by the right-manager feature - confirm what it permits
#   for hosts that have not yet authenticated.
# - shared-key: the values are shown as stored strings and the two use different
#   delimiters, so the second may be garbled on this page. Treat both as
#   examples: set a unique key per deployment and restrict access to saved
#   configurations that contain it.
# - local ip 10.4.1.3 is this unit's GigabitEthernet 1/0/1 address.
# - authentication url: both URLs are plain http://. NOTE(review): if user
#   credentials or tokens cross these URLs they are readable on the path; use
#   an HTTPS endpoint if the controller offers one.
# - status-detect: NOTE(review): confirm what enforcement applies when neither
#   server responds (fail-open versus fail-closed) before relying on it.
right-manager server-group
 default acl 3099
 server ip 192.168.1.2 port 3288 shared-key %$%$FxDAFSd(Y*Ku3%4+"%$%$
 server ip 192.168.1.3 port 3288 shared-key %ef<f%7FxDAFSd(Y*Ku3%><dfe%&%$
 integrity-check enable
 right-manager server-group enable
 right-manager status-detect enable
 local ip 10.4.1.3
 right-manager authentication url http://192.168.1.2:8084/auth
 right-manager authentication url http://192.168.1.3:8084/auth
#
# Two permit rules, both matched on zones only (no address or service conditions):
# - sc_to_sacg: source zones trust and local, destination zones local and trust.
# - sacg_to_client: source zone local, destination zone untrust.
# As written, any host in trust can reach the firewall itself (local zone) on
# any service. NOTE(review): the rule names suggest controller <-> firewall and
# firewall -> client traffic; restricting sc_to_sacg to the controller addresses
# (192.168.1.2, 192.168.1.3) and the ports in use, and sacg_to_client to the
# client ranges, would limit exposure of the local zone to what the linkage needs.
security-policy
 rule name sc_to_sacg
  source-zone trust
  source-zone local
  destination-zone local
  destination-zone trust
  action permit
 rule name sacg_to_client
  source-zone local
  destination-zone untrust
  action permit
Updated: 2019-01-26

Document ID: EDOC1100062972
