How to Configure a Security Policy
The configuration and management of security policies affect both normal service operation and network security. Before configuring and deploying security policies, you are advised to read Best Practices for Security Policies and How to Setup Security Policies carefully. The latter provides a low-risk method of deploying a security policy without affecting services.
A thorough understanding of how a service's protocols interact is important for configuring security policies. Before you configure security policies to permit a service, you must be familiar with the service fundamentals (such as the protocol, port, and packet exchange process) and the access relationships (source/destination IP address and source/destination security zone) on the network. The following TechNotes describe how to configure security policies to allow common services. For other services, you can configure security policies as needed.
- How to Configure Security Policies to Allow Management Protocols, including Telnet, FTP/TFTP, SSH (STelnet, SFTP, and SCP), ping and tracert, SNMP, HTTP/HTTPS, RESTCONF, NETCONF, and log protocol.
- How to Configure Security Policies to Allow Basic Protocols, including DHCP, OSPF, BGP, BFD, and LDP.
- How to Configure Security Policies to Allow VPN, including IPsec VPN, GRE, L2TP VPN, and SSL VPN.
- How to Configure Security Policies to Allow NAT, including source NAT and destination NAT.
- How to Configure Security Policies to Allow SLB, including layer-4 load balancing, layer-7 load balancing, and SSL offloading.