How to Configure Security Policies to Allow HTTP, HTTPS, and RESTCONF
The firewall provides an easy-to-use web UI. You can access the HTTP server service on the firewall through a browser to perform most configuration and management tasks. By default, the HTTPS service is enabled on a firewall. The service port number is 8443 and cannot be changed. HTTP page access requests initiated by the browser will be redirected to HTTPS pages.
RESTCONF exposes the core NETCONF functions over HTTP methods. The programming interface follows the RESTful style common in the IT industry and lets users develop web-based O&M tools efficiently. RESTCONF runs on top of the HTTPS service; the default service port is 8447. (In some firewall versions, the HTTP service can also be used, in which case the HTTP service port is 8448.)
Security policies must be configured to permit the traffic from a browser to the firewall's web UI and from a RESTCONF client to the firewall's RESTCONF interface. Security policies are likewise needed for traffic that passes through the firewall to the web UI or RESTCONF interface of a switch. The following uses HTTPS (port 443) and RESTCONF (port 8443) as examples to describe the security policies that permit access to the switch.
| No. | Name | Source Security Zone | Destination Security Zone | Source Address/Region | Destination Address/Region | Service | Action |
|---|---|---|---|---|---|---|---|
| 101 | Allow web ui of firewall | Trust | Local | 10.1.1.10/24 | 10.1.1.1/24 | https (TCP: 8443) | permit |
| 102 | Allow restconf of firewall | Trust | Local | 10.1.1.10/24 | 10.1.1.1/24 | restconf (TCP: 8447) | permit |
| 103 | Allow web ui of switch | Trust | Untrust | 10.1.1.10/24 | 10.1.2.10/24 | https (TCP: 443) | permit |
| 104 | Allow restful of switch | Trust | Untrust | 10.1.1.10/24 | 10.1.2.10/24 | restful (TCP: 8443) | permit |
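To check that the four policies above permit exactly the intended management flows and nothing else, the following added example (not part of the original page or the vendor's software) models the table and evaluates sample TCP flows against it. It assumes first-match evaluation with an implicit deny when no rule matches, and treats a host address with a prefix length (for example 10.1.1.10/24) as the enclosing subnet.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    number: int
    name: str
    src_zone: str
    dst_zone: str
    src_net: ipaddress.IPv4Network
    dst_net: ipaddress.IPv4Network
    service: str
    dst_port: int
    action: str

def net(cidr: str) -> ipaddress.IPv4Network:
    # strict=False accepts a host address with a prefix length, e.g. 10.1.1.10/24 -> 10.1.1.0/24
    # (assumption: the firewall interprets the address/mask pair as the enclosing subnet)
    return ipaddress.ip_network(cidr, strict=False)

# The four policies from the table above, with the zones, addresses and ports as given on the page.
POLICIES = [
    Rule(101, "Allow web ui of firewall",   "Trust", "Local",   net("10.1.1.10/24"), net("10.1.1.1/24"),  "https",    8443, "permit"),
    Rule(102, "Allow restconf of firewall", "Trust", "Local",   net("10.1.1.10/24"), net("10.1.1.1/24"),  "restconf", 8447, "permit"),
    Rule(103, "Allow web ui of switch",     "Trust", "Untrust", net("10.1.1.10/24"), net("10.1.2.10/24"), "https",    443,  "permit"),
    Rule(104, "Allow restful of switch",    "Trust", "Untrust", net("10.1.1.10/24"), net("10.1.2.10/24"), "restful",  8443, "permit"),
]

def match(src_zone: str, dst_zone: str, src_ip: str, dst_ip: str,
          dst_port: int, policies=POLICIES) -> Optional[Rule]:
    """Return the first rule matching a TCP flow, or None when no policy matches."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for rule in policies:  # rules are evaluated top-down, first match wins (assumption)
        if (rule.src_zone == src_zone and rule.dst_zone == dst_zone
                and src in rule.src_net and dst in rule.dst_net
                and dst_port == rule.dst_port):
            return rule
    return None

def decision(src_zone: str, src_ip: str, dst_zone: str, dst_ip: str, dst_port: int) -> str:
    """Policy verdict for a flow; implicit deny when nothing matches."""
    rule = match(src_zone, dst_zone, src_ip, dst_ip, dst_port)
    return f"{rule.action} by rule {rule.number}" if rule else "deny (no matching policy)"

if __name__ == "__main__":
    # Constructed sample flows: the two firewall management ports, the two switch ports,
    # and the RESTCONF HTTP port 8448, which none of the four rules permits.
    for flow in [("Trust", "10.1.1.10", "Local", "10.1.1.1", 8443),
                 ("Trust", "10.1.1.10", "Local", "10.1.1.1", 8447),
                 ("Trust", "10.1.1.10", "Untrust", "10.1.2.10", 443),
                 ("Trust", "10.1.1.10", "Untrust", "10.1.2.10", 8443),
                 ("Trust", "10.1.1.10", "Local", "10.1.1.1", 8448)]:
        print(flow, "->", decision(*flow))
```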