No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

HUAWEI Firewall Comprehensive Configuration Examples

This document describes the application scenarios and configuration methods in typical projects of the firewall.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuration Flow

Configuration Flow

Table 8-10 shows the configuration flow of the solution.

Table 8-10  Configuration flow
Item Procedure Action Description
CPE 1 Configure the uplink and downlink interface data.

Mandatory

You can configure the data based on the actual interface and IP address planning.

2 Configure the NAT function.

Mandatory

You can configure Easy IP. The IPv4 addresses of the user's private network are translated into the carrier's IPv4 addresses.

3 Configure routes.

Mandatory

The routes configured for the CPE include:

  • Static IPv4 route: forwards IPv4 service packets
  • OSPFv3 configured at the interface to connect to the IPv6 network: forwards IPv6 service packets
CGN 1 Configure the uplink and downlink interface data.

Mandatory

You can configure the data based on the actual interface and IP address planning.

2 Configure the NAT function.

Mandatory

The NAT function is used translate IPv4 addresses of the carrier's private network to the IPv4 address of the IPv4 public addresses.

2.1 Configure the NAT address pool.

Mandatory

The NAT address pool is a collection of consecutive IP addresses. When a packet from the private network reaches the public network through NAT, an address in the NAT address pool is selected as the IP address after translation.

Set the pre-allocated port block size in the address pool for the pre-allocation of port resources for NAT to the CPE.

2.2 Configuring the NAT policy.

Mandatory

Specify the security interzone in which the NAT policy takes effect and the NAT address pool referenced in the NAT policy.

3 Configure routes.

Mandatory

The routes configured include:

  • Static route to the CPE and IPv4 Internet: forwards IPv4 service packets
  • OSPFv3 protocol configured at the interface to connect to the IPv6 network: forwarding IPv6 service packets
4 Configure the NAT64 function.

Mandatory

The NAT64 function enables the IPv6 users to access the IPv4 network.

4.1 Configure the NAT address pool.

Mandatory

The addresses in the NAT address pool are used as the IPv4 addresses after the NAT64 translation.

4.2 Configure the NAT64 prefix and advertise it on the IPv6 network.

Mandatory

Whether the CGN performs NAT64 translation on an IPv6 packet depends on whether the IPv6 packet contains a NAT64 prefix.

4.3 Configure the NAT64 policy.

Mandatory

Configure NAT64 dynamic mapping in the NAT policy, and specify the NAT type as NAT64. When performing NAT64 translation, the CGN selects one IPv4 address randomly from the NAT address pool referenced in the NAT64 policy as the source address of a packet after translation.

Translation
Download
Updated: 2019-01-26

Document ID: EDOC1100062972

Views: 16585

Downloads: 713

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next