No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


HUAWEI Firewall Comprehensive Configuration Examples

This document describes the application scenarios and configuration methods in typical projects of the firewall.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Typical Networking

Typical Networking

Figure 3-4 shows the typical networking of firewalls at the Internet egress.

  • Core switches SW1 and SW2 are stacked. Egress aggregation switches SW7 and SW8 are stacked. Firewalls are located between core switches and egress aggregation switches. They work in Layer 3 active/standby hot standby mode.
  • VRRP is configured on the interfaces connecting the firewalls to the upstream and downstream devices. The firewalls use the VRRP virtual IP addresses to communicate with the upstream and downstream devices.
  • Employees on the move and firewalls establish SSL VPN connections with the firewalls for secure access to the intranet.
  • A firewall is deployed at the Internet egress of a branch, which establishes an IPSec VPN connection with the firewall at the Internet egress of the headquarters. Data is transmitted between the branch and data center over the IPSec VPN.
  • Some servers in the DMZ are pre-service servers that need to provide services for Internet users. Therefore, the firewalls at the Internet egress must have NAT Server configured to map the servers' private IP addresses to public IP addresses.
Figure 3-4  Typical networking of firewalls at the Internet egress
Updated: 2019-01-26

Document ID: EDOC1100062972

Views: 16660

Downloads: 717

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Previous Next