National Research and Education Network
Education Cloud Data Center
Multi-Channel HD Telemedicine Solution
Over The Top/Multi-Tenant Data Center (OTT/MTDC)
Internet Exchange Point (IXP)
Internet Access Provider (IAP)
Design & Simulation
Planning & Analytics
Oil & Gas IoT
HPC & Operations Management
Digital Urban Rail
Retail Cloud Platform
Enterprise Data Center
Enterprise Cloud Communications
Network Management System
Buy from Huawei
If you want to get more information about your project, you can submit your information and we will contact you as soon as possible.
If your company has signed an eDeal contract with Huawei, please buy your required product/solution via the link below.
Buy from resellers
Search for a nearby reseller and get direct contact information.
Become a Partner
Resources and Support
Huawei Authorized Learning Partner
Huawei Authorized Information and Network Academy
The security policies creted based on users are not being matches by these users when they authenticate via SSL.
In this scenario the SSL VPN configuration is working, the scope is to implement policy filtering based on authenticated users.
This example will take reference to upper scenario.
->in this scenario SSL VPN was configured, and is working.
->the remote users can access the SSL VPN gateway
->users were created
->two users are being authenticated via SSL VPN
=>diferentiate permission is wanted for users, for example, CLIENT1 to have access all internal network and for CLIENT2 to have access only to Server
First Step: create security policies for both users
->for the sake of simplicity, security policies focus on User filter.
Source Zone: any
Destination Zone: any
=>the policy will permit clien1 to have acces to LAN network
Source Zone any
Destination Zone any
Destination Address/Region 220.127.116.11/32
Action Select Permit.
=>the policy will permit client2 to have access only to server from LAN
If only this is configured the policies will not take effect for client1 and client2 users, the policies will not be matched.
under Policy -> Authentication Policy
Source zone: any
Dest zone: any
Source address: <virtual ip range configured for SSL users>
Destination address: any
After the Authentication Policy was configured the firewall will implement filtering based on security policies created for users.
->client1 will have access to all LAN network
->client2 will have access conform policy , to server.
Verification if the configuration is working:
a. Verify the Security Policy counter is matched
b. Input "display firewall session verbose", the Username appears in the result