HUAWEI Firewall Comprehensive Configuration Examples

This document describes the application scenarios and configuration methods in typical projects of the firewall.
Verification

  1. When users on the campus access the extranet, traffic destined for the education network is forwarded by GE1/0/1, traffic destined for the ISP1 network is forwarded by GE1/0/2, and traffic destined for the ISP2 network is forwarded by GE1/0/3.

  2. Traffic destined for servers of other campuses and the network access traffic of users in the library are forwarded by GE1/0/1.

  3. Check the configuration and update of the IPS signature database.

    # Run the display update configuration command to check the update information of the IPS signature database.

    [sysname] display update configuration
    Update Configuration Information:                                               
    ------------------------------------------------------------                    
      Update Server               : sec.huawei.com                                  
      Update Port                 : 80                                              
      Proxy State                 : disable                                         
      Proxy Server                : -                                               
      Proxy Port                  : -                                               
      Proxy User                  : -                                               
      Proxy Password              : -                                               
      IPS-SDB:                                                                      
        Application Confirmation  : Disable                                         
        Schedule Update           : Enable                                          
        Schedule Update Frequency : Daily                                           
        Schedule Update Time      : 02:30                                           
      AV-SDB:                
        Application Confirmation  : Disable                                         
        Schedule Update           : Enable                                          
        Schedule Update Frequency : Daily                                           
        Schedule Update Time      : 02:30                                           
      SA-SDB:                                                                       
        Application Confirmation  : Disable                                         
        Schedule Update           : Enable                                          
        Schedule Update Frequency : Daily                                           
        Schedule Update Time      : 02:30                                           
      IP-REPUTATION:                                                            
        Application Confirmation  : Disable                                         
        Schedule Update           : Enable                                          
        Schedule Update Frequency : Daily                                           
        Schedule Update Time      : 02:30                                           
      CNC:                                                                          
        Application Confirmation  : Disable                                         
        Schedule Update           : Enable                                          
        Schedule Update Frequency : Daily                                           
        Schedule Update Time      : 02:30                                           
    ------------------------------------------------------------                    

    # Run the display version ips-sdb command to check the configuration of the IPS signature database.

    [sysname] display version ips-sdb
    IPS SDB Update Information List:                                                
    ----------------------------------------------------------------                
      Current Version:                                                              
        Signature Database Version    : 2015041503                                  
        Signature Database Size(byte) : 2659606                                     
        Update Time                   : 12:02:10 2015/05/27                         
        Issue Time of the Update File : 16:06:30 2015/04/15                         
                                                                                    
      Backup Version:                                                               
        Signature Database Version    :                                             
        Signature Database Size(byte) : 0                                           
        Update Time                   : 00:00:00 0000/00/00                         
        Issue Time of the Update File : 00:00:00 0000/00/00                         
    ----------------------------------------------------------------                
    IPS Engine Information List:                                                    
    ----------------------------------------------------------------                
      Current Version:                                                              
        IPS Engine Version            : V200R002C00SPC060                           
        IPS Engine Size(byte)         : 3145728                                     
        Update Time                   : 12:02:10 2015/05/27                         
        Issue Time of the Update File : 10:51:45 2015/05/20                         
                                                                                    
      Backup Version:                                                               
        IPS Engine Version            :                                             
        IPS Engine Size(byte)         : 0                                           
        Update Time                   : 00:00:00 0000/00/00                         
        Issue Time of the Update File : 00:00:00 0000/00/00                         
    ----------------------------------------------------------------                
    
  4. Run the display firewall server-map command to check server-map entries generated by server load balancing.

    [sysname] display  firewall server-map slb
     Current Total Server-map : 3                                                   
     Type: SLB,  ANY -> 3.3.113.113[grp1/1],  Zone:---,  protocol:---               
     Vpn: public -> public                                                          
     Type: SLB,  ANY -> 2.2.112.112[grp1/1],  Zone:---,  protocol:---               
     Vpn: public -> public                                                          
     Type: SLB,  ANY -> 1.1.111.111[grp1/1],  Zone:---,  protocol:---               
     Vpn: public -> public                                                          
    
  5. Run the display firewall server-map command to check server-map entries generated by the NAT server function.

    [sysname] display  firewall server-map nat-server
     Current Total Server-map : 12                                                  
     Type: Nat Server,  ANY -> 1.1.15.15[10.1.10.20],  Zone: edu_zone ,  protocol:---
     Vpn: public -> public

     Type: Nat Server,  ANY -> 2.2.15.15[10.1.10.20],  Zone: isp1_zone ,  protocol:---
     Vpn: public -> public

     Type: Nat Server,  ANY -> 2.2.16.16[10.1.10.20],  Zone: isp1_zone ,  protocol:---
     Vpn: public -> public

     Type: Nat Server,  ANY -> 2.2.17.17[10.1.10.20],  Zone: isp1_zone ,  protocol:---
     Vpn: public -> public

     Type: Nat Server,  ANY -> 3.3.15.15[10.1.10.20],  Zone: isp2_zone ,  protocol:---
     Vpn: public -> public

     Type: Nat Server,  ANY -> 3.3.16.16[10.1.10.20],  Zone: isp2_zone ,  protocol:---
     Vpn: public -> public

     Type: Nat Server,  ANY -> 1.1.101.101[10.1.10.30],  Zone: edu_zone ,  protocol:---
     Vpn: public -> public

     Type: Nat Server,  ANY -> 2.2.102.102[10.1.10.30],  Zone: isp1_zone ,  protocol:---
     Vpn: public -> public

     Type: Nat Server,  ANY -> 2.2.103.103[10.1.10.30],  Zone: isp1_zone ,  protocol:---
     Vpn: public -> public

     Type: Nat Server,  ANY -> 2.2.104.104[10.1.10.30],  Zone: isp1_zone ,  protocol:---
     Vpn: public -> public

     Type: Nat Server,  ANY -> 3.3.102.102[10.1.10.30],  Zone: isp2_zone ,  protocol:---
     Vpn: public -> public

     Type: Nat Server,  ANY -> 3.3.103.103[10.1.10.30],  Zone: isp2_zone ,  protocol:---
     Vpn: public -> public

     Type: Nat Server Reverse,  10.1.10.20[3.3.16.16] -> ANY,  Zone: isp2_zone ,  protocol:---
     Vpn: public -> public,  counter: 1

     Type: Nat Server Reverse,  10.1.10.20[3.3.15.15] -> ANY,  Zone: isp2_zone ,  protocol:---
     Vpn: public -> public,  counter: 1

     Type: Nat Server Reverse,  10.1.10.20[2.2.17.17] -> ANY,  Zone: isp1_zone ,  protocol:---
     Vpn: public -> public,  counter: 1

     Type: Nat Server Reverse,  10.1.10.20[2.2.16.16] -> ANY,  Zone: isp1_zone ,  protocol:---
     Vpn: public -> public,  counter: 1

     Type: Nat Server Reverse,  10.1.10.20[2.2.15.15] -> ANY,  Zone: isp1_zone ,  protocol:---
     Vpn: public -> public,  counter: 1

     Type: Nat Server Reverse,  10.1.10.20[1.1.15.15] -> ANY,  Zone: edu_zone ,  protocol:---
     Vpn: public -> public,  counter: 1

     Type: Nat Server Reverse,  10.1.10.30[3.3.103.103] -> ANY,  Zone: isp2_zone ,  protocol:---
     Vpn: public -> public,  counter: 1

     Type: Nat Server Reverse,  10.1.10.30[3.3.102.102] -> ANY,  Zone: isp2_zone ,  protocol:---
     Vpn: public -> public,  counter: 1

     Type: Nat Server Reverse,  10.1.10.30[2.2.104.104] -> ANY,  Zone: isp1_zone ,  protocol:---
     Vpn: public -> public,  counter: 1

     Type: Nat Server Reverse,  10.1.10.30[2.2.103.103] -> ANY,  Zone: isp1_zone ,  protocol:---
     Vpn: public -> public,  counter: 1

     Type: Nat Server Reverse,  10.1.10.30[2.2.102.102] -> ANY,  Zone: isp1_zone ,  protocol:---
     Vpn: public -> public,  counter: 1

     Type: Nat Server Reverse,  10.1.10.30[1.1.101.101] -> ANY,  Zone: edu_zone ,  protocol:---
     Vpn: public -> public,  counter: 1
    
  6. Check session logs on eSight.
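
For the NAT server check in step 5, the following added example (not part of the Huawei document) parses saved `display firewall server-map nat-server` output, rejoining records the terminal wrapped at 80 columns, and lists which private servers are published on which public addresses and zones, plus any forward entry that lacks the `Nat Server Reverse` partner the expected output shows. The function names `unwrap` and `audit` are hypothetical, the sample text is constructed, and reading `protocol:---` as "no protocol restriction" is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in the 80-column wrapped form of the output above.
# The second forward entry deliberately has no "Nat Server Reverse" partner.
SAMPLE = """\
 Current Total Server-map : 3
 Type: Nat Server,  ANY -> 1.1.15.15[10.1.10.20],  Zone: edu_zone ,  protocol:--
-
 Vpn: public -> public
 Type: Nat Server,  ANY -> 3.3.102.102[10.1.10.30],  Zone: isp2_zone ,  protocol
:---
 Vpn: public -> public
 Type: Nat Server Reverse,  10.1.10.20[1.1.15.15] -> ANY,  Zone: edu_zone ,  pro
tocol:---
 Vpn: public -> public,  counter: 1
"""

FWD = re.compile(r"Type: Nat Server,\s*ANY -> (\S+?)\[(\S+?)\],\s*Zone:\s*(\S+)\s*,\s*protocol:(\S+)")
REV = re.compile(r"Type: Nat Server Reverse,\s*(\S+?)\[(\S+?)\] -> ANY,\s*Zone:\s*(\S+)")

def unwrap(text):
    """Rejoin records the terminal split at column 80."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if records and not line.startswith(("Type:", "Vpn:", "Current")):
            records[-1] += line          # continuation of the previous line
        else:
            records.append(line)
    return records

def audit(text):
    """Return (private IP -> sorted [(public IP, zone)], any-protocol publics, unpaired publics)."""
    forward, reverse, any_proto = defaultdict(set), set(), []
    for line in unwrap(text):
        if m := FWD.search(line):
            pub, priv, zone, proto = m.groups()
            forward[priv].add((pub, zone))
            if proto == "---":           # assumption: "---" means no protocol restriction
                any_proto.append(pub)
        elif m := REV.search(line):
            reverse.add((m.group(1), m.group(2), m.group(3)))
    unpaired = sorted(pub for priv, s in forward.items() for pub, zone in s
                      if (priv, pub, zone) not in reverse)
    return {k: sorted(v) for k, v in forward.items()}, any_proto, unpaired
```

Running `audit` on the full output from step 5 gives a per-server exposure list that can be compared against the intended publishing plan for each zone.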

Updated: 2019-01-26

Document ID: EDOC1100062972
