No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

HUAWEI Firewall Comprehensive Configuration Examples

This document describes the application scenarios and configuration methods in typical projects of the firewall.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring User Tracing

Configuring User Tracing

Context

The firewall sends binary session logs and IM logs to the eLog. TheeLog collects, stores, and analyzes the logs. The pre-NAT IP addresses and IM online and offline activities can be obtained from these logs to meet audit requirements.

Procedure

  1. Configure a log host on FW_A.

    HRP_M[FW_A] firewall log host 1 10.0.10.30 9002
    HRP_M[FW_A] firewall log source 10.0.5.1 6000

  2. Enable session log in the security policies of FW_A.

    HRP_M[FW_A] security-policy
    HRP_M[FW_A-policy-security] rule name trust_to_isp1
    HRP_M[FW_A-policy-security-rule-trust_to_isp1] session logging
    HRP_M[FW_A-policy-security-rule-trust_to_isp1] quit
    HRP_M[FW_A-policy-security] rule name trust_to_isp2
    HRP_M[FW_A-policy-security-rule-trust_to_isp2] session logging
    HRP_M[FW_A-policy-security-rule-trust_to_isp2] quit
    HRP_M[FW_A-policy-security] quit

  3. Enable IM log sending on FW_A.

    HRP_M[FW_A] firewall log im enable

  4. Configure the source IP and port that FW_B uses to send logs to the log host. This configuration does not support backup.

    HRP_S[FW_B] firewall log source 10.0.6.1 6000

  5. Configure SNMP V3 on FW_A.

    HRP_M[FW_A] snmp-agent sys-info version v3
    HRP_M[FW_A] snmp-agent group v3 NMS1 privacy
    HRP_M[FW_A] snmp-agent usm-user v3 admin1 group NMS1
    HRP_M[FW_A] snmp-agent usm-user v3 admin1 authentication-mode md5 cipher Admin@123abcdefg1234567890abccba10
    HRP_M[FW_A] snmp-agent usm-user v3 admin1 privacy-mode aes256 cipher Admin@123abcdefg1234567890abccba10

  6. Configure SNMP V3 on FW_B. This configuration does not support backup.

    HRP_S[FW_B] snmp-agent sys-info version v3
    HRP_S[FW_B] snmp-agent group v3 NMS1 privacy
    HRP_S[FW_B] snmp-agent usm-user v3 admin1 group NMS1
    HRP_S[FW_B] snmp-agent usm-user v3 admin1 authentication-mode md5 cipher Admin@123abcdefg1234567890abccba10
    HRP_S[FW_B] snmp-agent usm-user v3 admin1 privacy-mode aes256 cipher Admin@123abcdefg1234567890abccba10

  7. After eLog configuration is complete, choose Log Analysis > Session Analysis > IPv4 Session Log on the eLog to view session logs. Choose Log Analysis > Cyber Security Analysis > IM to view IM logs.
Translation
Download
Updated: 2019-01-26

Document ID: EDOC1100062972

Views: 16454

Downloads: 708

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next