No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


HUAWEI Firewall Comprehensive Configuration Examples

This document describes the application scenarios and configuration methods in typical projects of the firewall.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Conclusion and Suggestions

Conclusion and Suggestions

The selection of the three schemes for the CGN solution depends on the deployment of IPv4 and IPv6 protocols on the network. The three schemes corresponds respectively to IPv4-dominated network, IPv4 and IPv6 coexistent network, and IPv6-dominated network.

  • IPv4-dominated network

    Use NAT444 as the major transitional technology to save public addresses as many possible. Configure port pre-allocation for early planning of the ports for translation, which ensures proper utilization of the ports. In addition, configure linkage with the log server to resolve the issue of user tracing.

    Use IPv6 tunneling to enable the access between the small number of IPv6 users on the network.

  • IPv4 and IPv6 coexistent network

    Use NAT444 and port pre-allocation in combination for IPv4 services to save public addresses and facilitate the ease of user tracing.

    Because IPv6 has been deployed on the network, the access between IPv6 services can be implemented through IPv6 route query.

    The access between IPv6 and IPv6 services can be completed through NAT64.

  • IPv6-dominated network

    IPv6 services on the network can access each other through IPv6 route query without the need of any transitional technology.

    The access between the small quantity of IPv4 services can be completed through DS-Lite. You can also configure port pre-allocation to pre-allocate ports for the users and provide user tracing.

    The access between IPv6 and IPv6 services can be completed through NAT64.

Updated: 2019-01-26

Document ID: EDOC1100062972

Views: 16759

Downloads: 721

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Previous Next