No relevant resource is found in the selected language.
Enterprise
Worldwide
Search
Support Documentation
Huawei Firewall Security Policy Essentials
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
How to Configure Security Policies to Allow BGP

How to Configure Security Policies to Allow BGP

BGP runs by sending five types of BGP messages: Open, Update, Notification, Keepalive, and Route-refresh. A TCP connection is set up between two adjacent devices. Then, the two devices exchange Open messages to set up a BGP peer relationship and send Keepalive messages to confirm and maintain the peer relationship. BGP peers send Update, Notification, and Route-refresh messages to exchange routing information, error information, and route refresh capabilities.

All BGP messages are transmitted in unicast mode. Therefore, security policies need to be configured to permit traffic in both directions. BGP uses TCP port 179.

Table 8-7 Security policy example — BGP

No.

Name

Source Security Zone

Destination Security Zone

Source Address/Region

Destination Address/Region

Service

Action

101

Allow bgp out

Local

Untrust

10.1.1.10/24

10.1.2.10/24

bgp (TCP: 179)

permit

102

Allow bgp in

Untrust

Local

10.1.2.10/24

10.1.1.10/24

bgp (TCP: 179)

permit
Translation
简体中文
Download
Updated: 2023-04-06

Document ID: EDOC1100172313

Views: 123941

Downloads: 558

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Digital Signature File

Digital Signature Authentication Mode
Share
Previous Next

Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.

You are going to visit :