Publication Date: 2016-06-24 | Author: a84053107 | Document ID: EKB1000125083
If you have an AR router and want to secure it from a network point of view, this is the way to do it.
As an example, this KB illustrates how to close ports 21 (FTP) and 22 (SSH) in order to prevent logins through public networks.
Apply the commands below to obtain a more secure network.
Run the following commands to deny access to FTP and SSH from public networks and allow access only from the private IPs:
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]acl 3000
[Huawei-acl-adv-3000]rule permit tcp source 192.168.X.X 0.0.0.255 destination-port eq 21
[Huawei-acl-adv-3000]rule permit tcp source 192.168.X.X 0.0.0.255 destination-port eq 22
[Huawei-acl-adv-3000]rule deny tcp destination-port eq 21
[Huawei-acl-adv-3000]rule deny tcp destination-port eq 22
[Huawei-acl-adv-3000]quit
[Huawei]interface Ethernet 0/0/0
[Huawei-Ethernet0/0/0]traffic-filter inbound acl 3000
[Huawei-Ethernet0/0/0]nat server protocol udp global current-interface snmp inside 192.168.8.16 snmp
[Huawei-Ethernet0/0/0]nat server protocol tcp global current-interface any inside 192.168.8.11 any
[Huawei-Ethernet0/0/0]nat outbound 3000 address-group 1
The rules match on destination-port because an inbound FTP or SSH session is addressed to port 21 or 22, while the client's source port is arbitrary.
NOTE: 192.168.X.X -> inside Server's IP address
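The following is an added example, not part of the original KB. It models first-match ACL evaluation with wildcard masks to show why rules meant to close ports 21 and 22 must match the destination port rather than the source port. The addresses, the packet set and the forwarding of unmatched packets are assumptions made for the illustration.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Wildcard mask semantics: 0 bits must match, 1 bits are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def evaluate(rules, pkt, default="permit"):
    """Return the action of the first matching rule (rules are checked in order).
    Assumption: a packet that matches no rule is forwarded."""
    for rule in rules:
        src = rule.get("source")
        if src and not wildcard_match(pkt["src"], *src):
            continue
        if "source_port" in rule and rule["source_port"] != pkt["sport"]:
            continue
        if "destination_port" in rule and rule["destination_port"] != pkt["dport"]:
            continue
        return rule["action"]
    return default

def build_acl(port_field, network=("192.168.8.0", "0.0.0.255")):
    """Permit the private network, then deny everyone, for ports 21 and 22.
    port_field selects which port the rules match on. The network is a
    constructed stand-in for the 192.168.X.X placeholder."""
    permits = [{"action": "permit", "source": network, port_field: p} for p in (21, 22)]
    denies = [{"action": "deny", port_field: p} for p in (21, 22)]
    return permits + denies

# Constructed inbound packets: clients connect from ephemeral source ports.
PACKETS = {
    "public_ssh": {"src": "203.0.113.7", "sport": 51514, "dport": 22},
    "public_ftp": {"src": "203.0.113.7", "sport": 51515, "dport": 21},
    "private_ssh": {"src": "192.168.8.20", "sport": 40222, "dport": 22},
    "public_http": {"src": "203.0.113.7", "sport": 51600, "dport": 80},
}

def verdicts(port_field):
    """Evaluate every sample packet against an ACL built on port_field."""
    acl = build_acl(port_field)
    return {name: evaluate(acl, pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for field in ("source_port", "destination_port"):
        print(field, verdicts(field))
```

With source-port matching, none of the rules fire for client-initiated sessions, so the public SSH and FTP connections fall through and are forwarded.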