
Huawei Firewall initialization

2025-01-16 Update From: SLTechnology News&Howtos

Shulou(Shulou.com) 06/01

This article briefly describes the initialization steps for the Huawei USG6306 firewall.

A Huawei firewall can be managed in two ways in its factory state:

1. Connect to the Console port with a console cable.

2. Connect a network cable to the management interface G0/0/0. This port cannot carry service traffic; it is used only for management. Its default IP address is 192.168.0.1/24. Set the laptop to an address on the same network segment and log in through the web page. The default login address is https://192.168.0.1:8443. User name: admin, password: Admin@123

To initialize:

1. Security zones. The Trust, Untrust and DMZ zones exist by default.

2. Configure each interface with an IP address and add the interface to the security zone for the network it connects to.

Public network interface:

interface GigabitEthernet1/0/0
 undo shutdown
 ip address X.X.X.X 255.255.255.248
 gateway X.X.X.X

Private network interface:

interface GigabitEthernet1/0/2
 undo shutdown
 ip address 192.168.X.X 255.255.255.0
 service-manage http permit
 service-manage https permit
 service-manage ping permit
 service-manage ssh permit

Security zone:

firewall zone trust
 set priority 85
 add interface GigabitEthernet0/0/0
 add interface GigabitEthernet1/0/2
#
firewall zone untrust
 set priority 5
 add interface GigabitEthernet1/0/0

3. Configure a security policy to allow Trust --> Untrust traffic.

security-policy
 rule name trusttountrust
  description intranet users surf the Internet
  source-zone trust
  destination-zone untrust
  action permit

4. Configure a NAT policy so that source addresses are translated.

nat-policy
 rule name policy-nat1
  source-zone trust
  egress-interface GigabitEthernet1/0/0
  action source-nat address-group addressgroup1

nat address-group addressgroup1 0
 mode pat
 route enable
 section 0 A.A.A.A B.B.B.B

A.A.A.A and B.B.B.B are the start and end addresses of the address pool. Huawei recommends that interface addresses not be placed in the address pool.

5. Configure routes, including the default route and return-packet routes.

ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet1/0/0 X.X.X.X

The return-packet routes are specified according to your own intranet network segments, in the same format as on a switch.

The initialization can be configured either from the command line or from a web page.

Next, test whether hosts on the intranet can reach the Internet.
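
An added example, not part of the original article and not Huawei tooling: a small Python check that reads configuration text in the layout used above and reports interfaces that have an IP address but were never added to a security zone (step 2), plus any service-manage permits on an interface in the untrust zone. The sample configuration, its addresses and the function name audit are constructed for illustration.

```python
import re

# Constructed sample in the layout of the article's configuration (addresses are placeholders).
SAMPLE = """\
interface GigabitEthernet1/0/0
 ip address 203.0.113.2 255.255.255.248
 service-manage https permit
#
interface GigabitEthernet1/0/2
 ip address 192.168.10.1 255.255.255.0
 service-manage https permit
 service-manage ssh permit
#
interface GigabitEthernet1/0/3
 ip address 192.168.20.1 255.255.255.0
#
firewall zone trust
 add interface GigabitEthernet1/0/2
#
firewall zone untrust
 add interface GigabitEthernet1/0/0
"""

def audit(config):
    """Return (zone_of, services, findings) for USG-style configuration text."""
    zone_of, services, addressed, view = {}, {}, set(), None
    for line in (raw.strip() for raw in config.splitlines()):
        if not line or line == "#":
            view = None if line == "#" else view  # '#' closes the current view
        elif m := re.match(r"interface\s+(\S+)$", line, re.I):
            view = ("if", m.group(1))
        elif m := re.match(r"firewall zone\s+(\S+)$", line, re.I):
            view = ("zone", m.group(1).lower())
        elif view and view[0] == "if" and re.match(r"ip address\s", line, re.I):
            addressed.add(view[1])
        elif view and view[0] == "if" and (m := re.match(r"service-manage\s+(\S+)\s+permit$", line, re.I)):
            services.setdefault(view[1], []).append(m.group(1).lower())
        elif view and view[0] == "zone" and (m := re.match(r"add interface\s+(\S+)$", line, re.I)):
            zone_of[m.group(1)] = view[1]
    findings = [f"{i}: has an IP address but is in no security zone"
                for i in sorted(addressed) if i not in zone_of]
    findings += [f"{i}: management ({', '.join(s)}) permitted on an untrust-zone interface"
                 for i, s in sorted(services.items()) if zone_of.get(i) == "untrust"]
    return zone_of, services, findings

if __name__ == "__main__":
    for finding in audit(SAMPLE)[2]:
        print(finding)
```

The parser assumes the interface name is written identically in the interface view and in the zone's add interface line.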
