No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

HUAWEI Firewall Comprehensive Configuration Examples

This document describes the application scenarios and configuration methods in typical projects of the firewall.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuration Flow

Configuration Flow

Table 8-5 shows the configuration flow of the solution.

Table 8-5  Configuration flow
Item Procedure Operation Description
CPE 1 Configure the uplink and downlink interface data.

Mandatory

You can configure the data based on the actual interface and IP address planning.

2 Configure the NAT function.

Mandatory

You can set the NAT mode for the interface IP addresses to NAPT (Easy IP). The private IPv4 addresses of the users are translated into the private IPv4 addresses of the carrier.

3 Configure the 6RD tunnel.

Mandatory

The 6RD tunnel that connects to the CGN is created to implement the interaction between IPv6 users.

3.1 Specify the encapsulation type of the tunnel.

Mandatory

The encapsulation type of the tunnel is ipv6-ipv4 6rd.

3.2 Specify the source address or source interface of the tunnel.

Mandatory

  • It specifies the source address or source interface of the 6RD tunnel. You can specify the IPv6 address of the interface that is connected to the IPv6 network as the source address of the tunnel, or directly specify the interface as the source interface.
  • You can specify either a physical interface or a logical interface such as the loopback interface as the source interface of the tunnel.
3.3 Configure the 6RD prefix and prefix length.

Mandatory

It is the IPv6 address prefix used by the carrier and serves as a part of the 6RD delegated prefix.

3.4 Configure the IPv4 prefix length of the 6RD tunnel.

Mandatory

The IPv4 prefix length indicates that the high-order bits of the length is deleted from the source IPv4 address of the tunnel and other bits form a part of the 6RD prefix.

3.5 Specify the 6RD BR IPv4 address.

Mandatory

Different from the CGN, the CPE requires specific 6RD BR IPv4 address, that is, the private IPv4 address (10.1.2.1/24) that connects the CGN to the internal MAN.

3.6 Configure the interface address of the 6RD tunnel.

Mandatory

The interface address of the 6RD tunnel is configured based on the 6RD delegated prefix that includes the 6RD prefix and a part of or the entire IPv4 address.

4 Configure routes.

Mandatory

Routes include the IPv4 service route and IPv6 service route. You can configure the route based on the route planning in Service Planning.

CGN 1 Configure the uplink and downlink interface data.

Mandatory

You can configure the data based on the actual interface and IP address planning.

2 Configure the NAT function.

Mandatory

The NAT function is used to translate private IPv4 addresses of the carrier to the public IPv4 address.

2.1 Configure the NAT address pool

Mandatory

The NAT address pool is a collection of consecutive IP addresses. When a packet from the private network reaches the public network through NAT, an address in the NAT address pool is selected as the IP address after translation.

Set the pre-allocated port block size in the address pool for the pre-allocation of port resources for NAT to the CPE.

2.2 Configure the NAT policy.

Mandatory

Specify the security interzone in which the NAT policy takes effect and the NAT address pool referenced in the NAT policy.

3 Configure the 6RD tunnel.

Mandatory

The 6RD tunnel that connects to the CPE is created to implement the interaction between IPv6 users.

3.1 Specify the encapsulation type of the tunnel.

Mandatory

The encapsulation type of the tunnel is ipv6-ipv4 6rd.

3.2 Specify the source address or source interface of the tunnel.

Mandatory

  • It specifies the source address or source interface of the 6RD tunnel. You can specify the IPv6 address of the interface that is connected to the IPv6 network as the source address of the tunnel, or directly specify the interface as the source interface.
  • You can specify either a physical interface or a logical interface such as the loopback interface as the source interface of the tunnel.
3.3 Configure the 6RD prefix and prefix length.

Mandatory

It is the IPv6 address prefix used by the carrier and serves as a part of the 6RD delegated prefix.

3.4 Configure the IPv4 prefix length of the 6RD tunnel.

Mandatory

The IPv4 prefix length indicates that the high-order bits of the length is deleted from the source IPv4 address of the tunnel and other bits form a part of the 6RD prefix.

3.5 Configure the interface address of the 6RD tunnel.

Mandatory

The interface address of the 6RD tunnel is configured based on the 6RD delegated prefix that includes the 6RD prefix and a part of or all the IPv4 addresses.

4 Configure routes.

Mandatory

Routes include the IPv4 service route and IPv6 service route. You can configure the route based on the route planning in Service Planning.

Translation
Download
Updated: 2019-01-26

Document ID: EDOC1100062972

Views: 16079

Downloads: 694

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next