Security Policy Configuration Modes
Huawei firewalls provide multiple modes for configuring a security policy. You can use the CLI, the web UI, or northbound interfaces, including RESTCONF and NETCONF. The following example describes how to configure a security policy using the CLI and web UI.
To allow devices on network segments 192.168.1.0/24 and 192.168.2.0/24 in the Trust zone to access the Internet, create the security policy shown in Table 2-1.
No. | Name | Source Security Zone | Destination Security Zone | Source Address/Region | Destination Address/Region | User | Service | Action |
---|---|---|---|---|---|---|---|---|
101 | Allow access to the Internet | Trust | Untrust | 192.168.1.0/24 192.168.2.0/24 | any | any | http https | permit |
The configuration on the web UI is as follows.
The configuration on the CLI is as follows:
```
<sysname> system-view
[sysname] security-policy
[sysname-policy-security] rule name "Allow access to the Internet"
[sysname-policy-security-rule-Allow access to the Internet] source-zone trust
[sysname-policy-security-rule-Allow access to the Internet] destination-zone untrust
[sysname-policy-security-rule-Allow access to the Internet] source-address 192.168.1.0 mask 24
[sysname-policy-security-rule-Allow access to the Internet] source-address 192.168.2.0 mask 24
[sysname-policy-security-rule-Allow access to the Internet] service http https
[sysname-policy-security-rule-Allow access to the Internet] action permit
[sysname-policy-security-rule-Allow access to the Internet] quit
[sysname-policy-security]
```
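A rule like this is easy to widen by accident later, so it helps to check the configured rule against the intended row of Table 2-1. The following is an added example, not part of Huawei's documentation: it parses the rule commands shown above and reports any field that differs from the table. The names `parse_rules`, `drift`, `SESSION` and `INTENDED` are hypothetical, and only the `<address> mask <length>` address form used on this page is handled.

```python
import ipaddress
import re

# Rule portion of the CLI session on this page, prompts included.
SESSION = '''\
[sysname-policy-security] rule name "Allow access to the Internet"
[sysname-policy-security-rule-Allow access to the Internet] source-zone trust
[sysname-policy-security-rule-Allow access to the Internet] destination-zone untrust
[sysname-policy-security-rule-Allow access to the Internet] source-address 192.168.1.0 mask 24
[sysname-policy-security-rule-Allow access to the Internet] source-address 192.168.2.0 mask 24
[sysname-policy-security-rule-Allow access to the Internet] service http https
[sysname-policy-security-rule-Allow access to the Internet] action permit
[sysname-policy-security-rule-Allow access to the Internet] quit
'''
# Row 101 of Table 2-1; columns set to "any" have no CLI line and are omitted.
INTENDED = {
    "source-zone": {"trust"}, "destination-zone": {"untrust"},
    "source-address": {"192.168.1.0/24", "192.168.2.0/24"},
    "service": {"http", "https"}, "action": {"permit"},
}
PROMPT = re.compile(r"^\s*(?:<[^>]*>|\[[^\]]*\])\s*")   # <sysname> or [view]
RULE = re.compile(r'rule name (?:"([^"]+)"|(\S+))$')

def parse_rules(text):
    """Return {rule name: {command keyword: set of values}}."""
    rules, cur = {}, None
    for line in text.splitlines():
        cmd = PROMPT.sub("", line).strip()
        m = RULE.match(cmd)
        if m:
            cur = rules.setdefault(m.group(1) or m.group(2), {})
        elif cmd == "quit":
            cur = None                      # left the rule view
        elif cur is not None and cmd:
            key, _, rest = cmd.partition(" ")
            if key.endswith("-address"):
                addr, _, mask = rest.partition(" mask ")
                # ip_network also rejects addresses with host bits set
                values = {str(ipaddress.ip_network(f"{addr}/{mask}"))}
            else:
                values = set(rest.split())
            cur.setdefault(key, set()).update(values)
    return rules

def drift(actual, intended):
    """Return {field: (missing, unexpected)} for each field that differs."""
    keys = sorted(actual.keys() | intended.keys())
    pairs = {k: (actual.get(k, set()), intended.get(k, set())) for k in keys}
    return {k: (sorted(w - h), sorted(h - w)) for k, (h, w) in pairs.items() if h != w}
```

An empty result from `drift` means the rule matches the table; any extra source network, service or a changed action appears under its command keyword.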