HUAWEI Firewall Comprehensive Configuration Examples

This document describes the application scenarios and configuration methods in typical projects of the firewall.
Verification


  1. Run the display hrp state command on FW_A to check the HRP status. If the following information is displayed, HRP is successfully configured.

    HRP_M[FW_A] display hrp state
     Role: active, peer: standby 
     Running priority: 46002, peer: 46002
     Backup channel usage: 7%
     Stable time: 0 days, 0 hours, 12 minutes

  2. Run the shutdown command on GigabitEthernet 1/0/2 or GigabitEthernet 1/0/3 of FW_A or FW_C to simulate a link failure. Check that the active/standby switchover is performed properly and that services are not interrupted.

  3. Run the display firewall session table command on FW_A to view address translation information. RADIUS server address 3.3.3.4 is used as an example.

    HRP_M<FW_A> display firewall session table
    Current Total Sessions : 1
      http  VPN:public --> public  3.3.3.4:8080-->3.3.3.3:8080[10.3.0.10:80]

  4. Run the display nat-policy rule rule-name command on FW_C to check the source NAT policy match count. If the value is 1 or greater, there are data flows matching the source NAT policy.

  5. Run the display firewall session table command on FW_C to search for an entry whose source address is the private address of the SCG. If the entry exists and the post-NAT IP address exists in the NAT address pool, the NAT policy is successfully configured. Information in the square brackets ([]) is the post-NAT IP address and port. Address 3.3.3.30 at the Internet side is used as an example.

    HRP_M<FW_C> display firewall session table
    Current Total Sessions : 1
     http  VPN:public --> public  10.3.1.0:2474[1.1.1.10:3761]-->3.3.3.30:8080

  6. If the RADIUS server can access intranet servers, server mappings are successfully configured.

  7. Users can access the Internet by using their mobile phones.

  8. The SCG can implement service-based charging and bandwidth control.
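
The session-table checks in steps 3 and 5 can be scripted against captured output. The following is an added example, not part of the Huawei document: it parses `display firewall session table` entries in the format shown above and applies the step 5 test (private source address, translated, post-NAT address inside the pool). The SCG private network and the NAT address pool range are assumed values, and the second and third sample entries are constructed.

```python
import ipaddress
import re

# addr:port, optionally followed by [post-NAT addr:port] as in the outputs above.
EP = r"(\d+(?:\.\d+){3}):(\d+)(?:\[(\d+(?:\.\d+){3}):(\d+)\])?"
SESSION_RE = re.compile(r"^\s*(\S+)\s+VPN:\s*(\S+\s*-->\s*\S+)\s+" + EP + r"\s*-->\s*" + EP + r"\s*$")

def parse_sessions(output):
    """Return one dict per session entry; prompt and counter lines are skipped."""
    sessions = []
    for line in output.splitlines():
        m = SESSION_RE.match(line)
        if not m:
            continue
        proto, _vpn, s_ip, s_port, sn_ip, sn_port, d_ip, d_port, dn_ip, dn_port = m.groups()
        sessions.append({
            "proto": proto,
            "src": (s_ip, int(s_port)),
            "src_nat": (sn_ip, int(sn_port)) if sn_ip else None,
            "dst": (d_ip, int(d_port)),
            "dst_nat": (dn_ip, int(dn_port)) if dn_ip else None,
        })
    return sessions

def source_nat_ok(session, private_net, pool_first, pool_last):
    """Step 5: private source address, translated, post-NAT address inside the pool."""
    if session["src_nat"] is None:
        return False  # traffic left untranslated: the NAT policy did not match
    src = ipaddress.ip_address(session["src"][0])
    nat = ipaddress.ip_address(session["src_nat"][0])
    in_pool = ipaddress.ip_address(pool_first) <= nat <= ipaddress.ip_address(pool_last)
    return src in ipaddress.ip_network(private_net) and in_pool

# First entry is the FW_C output from step 5; the other two are constructed failures.
FW_C_OUTPUT = """\
HRP_M<FW_C> display firewall session table
Current Total Sessions : 3
 http  VPN:public --> public  10.3.1.0:2474[1.1.1.10:3761]-->3.3.3.30:8080
 http  VPN:public --> public  10.3.1.7:2500-->3.3.3.30:8080
 http  VPN:public --> public  10.3.1.8:2501[2.2.2.2:4000]-->3.3.3.30:8080
"""
# Assumed values, not from the page: SCG private network and NAT address pool range.
SCG_NET, POOL_FIRST, POOL_LAST = "10.3.1.0/24", "1.1.1.10", "1.1.1.15"

if __name__ == "__main__":
    for s in parse_sessions(FW_C_OUTPUT):
        print(s["src"], s["src_nat"], source_nat_ok(s, SCG_NET, POOL_FIRST, POOL_LAST))
```

Replace the assumed network and pool range with the values from the deployed NAT address pool before using the check on real output.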

Updated: 2019-01-26

Document ID: EDOC1100062972
