No relevant resource is found in the selected language.
Enterprise
Worldwide
Search
Support Documentation
Huawei Firewall Security Policy Essentials
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Basic Protocol Control Switch

Basic Protocol Control Switch

Whether BGP, BFD, DHCP, DHCPv6, LDP, and OSPF are controlled by security policies is determined by the basic protocol control switch (which can be configured using the firewall packet-filter basic-protocol enable command). To quickly access a network, you can run the undo firewall packet-filter basic-protocol enable command to disable security policy control for these protocols.

The default status of the basic protocol control switch and the controlled protocol type vary depending on the model and version of firewalls. Table 8-1 lists the default status of the basic protocol control switch on different models and versions.

Table 8-1 Support for the basic protocol control switch

Product Model

Version

Default Setting

OSPF

OSPFv3

BGP

BGP4+

LDP

BFD

DHCPv4

DHCPv6

USG6000E

V600R006C00 and later versions

Disabled in V600R006C00 and enabled in V600R007C00 and later versions.

Y

Y

Y

Y

Y

Y

N

Y

USG6000

V100R001C10SPC100 and later versions

Enabled in V100R001C10SPC100 and later versions

Disabled in V100R001C30SPC700 and later versions

Y

Y

Y

Y

Y

Y

Y

Supported in V100R001C30SPC700 and later versions

N

USG6000

V500R001C00 and later versions

Enabled in V500R001C00 and later versions

Enabled in V500R001C20 and later versions

Enabled in V500R005C20SPC300 and later versions

Y

Y

Y

Y

Y

Y

N

Y

Supported in V500R001C30 and later versions

USG9500

Supported only in V300R001C01SPCa00

Disabled

Y

Y

Y

Y

Y

N

N

Y

USG9500

V500R001C00 and later versions

Enabled in V500R001C00 and later versions

Disabled in V500R001C20 and later versions

Enabled in V500R005C20SPC300 and later versions

Y

Y

Y

Y

Y

Y

Supported in V500R001C30 and later versions

Y

Supported in V500R001C30 and later versions

Y

Supported in V500R001C30 and later versions

The basic protocol control switch setting of the NGFW Module is the same as that of the USG6000. Y indicates that the firewall packet-filter basic-protocol enable command supports the protocol, and N indicates that the firewall packet-filter basic-protocol enable command does not support the protocol.
Translation
简体中文
Download
Updated: 2023-04-06

Document ID: EDOC1100172313

Views: 125047

Downloads: 564

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Digital Signature File

Digital Signature Authentication Mode
Share
Previous Next

Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.

You are going to visit :