Web overview | Web Overview | Introduces the Web-based management of the firewalls, including: • Loading the Web interface • Logging in to the Web interface • Saving the current configuration • Introduction to the Web interface layout • Web user level • Introduction to Web-based management functions • Introduction to common buttons on the Web-based management pages • Managing the Web-based management system through the CLI |
Device information | Device Information | Provides the device state and summary information, such as the resource state and device interface information. |
Firewall policy configuration wizard | Firewall Policy Configuration Wizard | Provides a way for fast configuration of firewall policies for virtual devices, and helps you configure object-oriented ACL parameters between zones. |
IPSec VPN configuration wizard | IPSec VPN Configuration Wizard | Helps you quickly complete IPSec VPN-related configuration tasks, including: • Configuring a center node • Configuring a branch node • Configuring a peer node |
System time | System Time Configuration | Displays the system time and enables you to set the system time on the Web interface. • Setting system time |
Software upgrade | Software Upgrade Configuration | Guides you on how to download the software from a TFTP server to the device and update the device software. Software upgrade involves the following task: • Configuring software upgrade |
Configuration maintenance | Configuration Maintenance | Guides you on how to manage device configurations, including how to save the current configuration to a configuration file on the device, upload a configuration file to a TFTP server for backup, and download a configuration file from a TFTP server to the device for configuration restoration. Configuration maintenance involves the following tasks: • Saving the configuration • Backing up the configuration • Restoring the configuration |
Device reboot | Device Reboot Configuration | Describes how to reboot the device through the Web interface. Device reboot involves the following task: • Configuring device reboot |
Session management | Session Management | Session management is a common function that allows you to manage session-based applications such as network address translation (NAT), application specific packet filter (ASPF), and attack protection. Session management involves the following tasks: • Configuring basic session management settings • Viewing session table information • Viewing session relation table information • Viewing or clearing session statistics |
Interface management | Interface Management Configuration | Describes how to manage all the physical interfaces and two types of logical interfaces (loopback and null interfaces) of a device through the Web interface. Interface management involves the following tasks: • Creating an interface • Editing an interface • Shutting down/bringing up an interface • Viewing interface statistics • Deleting an interface |
Security zone management | Security Zone Management | A security zone is an abstract concept that can contain physical interfaces, logical interfaces, and L2 trunk interfaces + VLANs. Interfaces in the same security zone typically have the same security requirements in security policy control. With the concept of security zone introduced, the security administrator can divide interfaces with different security requirements into different zones for hierarchical policy management. Security zone management involves the following tasks: • Creating a security zone • Adding an interface to the security zone |
Virtual device configuration | Virtual Device Configuration | The introduction of the virtual device concept allows you to divide a physical firewall device into multiple logical firewalls to support firewall rental service. Virtual device configuration involves the following tasks: • Creating a virtual device • Adding an interface to the virtual device • Adding a VLAN to the virtual device |
Device management | Device Management Configuration | • Specifying the system name of the device • If a user logs in to the Web interface without performing any operation within the specified period, the system automatically logs the user out to ensure the device security. |
VLAN | VLAN Configuration | The VLAN technology allows you to break a LAN down into separate VLANs that are isolated from each other at Layer 2. A VLAN is a broadcast domain, and all broadcast traffic is contained within it. VLAN configuration involves the following tasks: • Creating a VLAN • Modifying a port in a VLAN or a VLAN containing a specific port |
Route display | Route Display Configuration | Displays route information |
Static routing | Static Route Configuration | • Static routing overview • Configuring a static route |
DHCP | DHCP Configuration | DHCP is built on a client-server model, in which a client sends a configuration request and then the server returns a reply carrying the configuration parameters such as an IP address to the client. DHCP configuration involves the following tasks: • Enabling DHCP • Configuring the DHCP service type on an interface • Configuring a static address pool for the DHCP server • Configuring a dynamic address pool for the DHCP server • Configuring a DHCP service group |
DNS | DNS Configuration | Domain name system (DNS) is a distributed database used by TCP/IP applications to translate domain names into corresponding IP addresses. DNS configuration involves the following tasks: • Configuring static domain name resolution • Configuring dynamic domain name resolution |
Policy routing | Policy Routing Configuration | Policy routing is a mechanism that implements route selection based on the user-defined policies. Policy routing configuration involves the following tasks: • Creating a policy • Enabling local policy routing • Enabling interface policy routing |
Inline forwarding | Inline Forwarding | High-end firewalls support Layer 2 inline forwarding, that is, you can configure the device to forward packets received on one interface directly out a specified interface. Inline forwarding configuration involves mainly the following task: • Configuring inline forwarding |
MAC address table management | MAC Address Table Management Configuration | A device maintains a MAC address table for frame forwarding. Each entry in this table indicates the MAC address of a connected device, the interface through which that device is connected and the VLAN to which the interface belongs. MAC address table management involves mainly the following tasks: • Adding a MAC address entry • Querying a MAC address entry |
MSTP | MSTP Configuration | The Multiple Spanning Tree Protocol (MSTP) overcomes the shortcomings of STP and RSTP. In addition to the support for rapid network convergence, it also allows data flows of different VLANs to be forwarded along separate paths, thus providing a better load sharing mechanism for redundant links. MSTP configuration involves mainly the following tasks: • Configuring an MSTP region • Configuring MSTP globally • Configuring MSTP on a port |
Local user | Local User | A local user is a user configured on the Network Access Server (NAS). A local user is identified by a unique user name. • Configuring a local user |
Online user | Online User | An online user is a user who has come online after passing AAA authentication. • Viewing online users |
RADIUS | RADIUS | Remote Authentication Dial-In User Service (RADIUS) is a distributed information interaction protocol built on the client/server model to protect networks against unauthorized access. RADIUS configuration involves the following main tasks: • Configuring RADIUS server • Configuring RADIUS parameters |
HWTACACS | HWTACACS | Huawei Terminal Access Controller Access Control System (HWTACACS) is an enhanced security protocol based on TACACS (RFC 1492), used to implement Authentication, Authorization, and Accounting (AAA). HWTACACS configuration involves the following main tasks: • Creating a HWTACACS scheme • Configuring HWTACACS server • Configuring HWTACACS parameters |
Address object | Address Object Configuration | An address object in a broad sense can be an address object or address group object. Address object configuration involves the following main tasks: • Creating an address object • Creating an address group object |
Service object | Service Object Configuration | A service object defines a service by specifying the protocol to be carried by IP and the protocol-specific items, including default service object, customized service object, and service group object. Service object configuration involves the following main tasks: • Creating a customized service object • Creating a service group object |
Time range | Time Range Configuration | A time range object defines a time range, which can be referenced by an ACL to define when a rule is effective. Time range configuration involves the following main task: • Creating a time range object |
NAT address pool | NAT Address Pool Configuration | A Network Address Translation (NAT) address pool is a group of consecutive public IP addresses for address translation. NAT address pool configuration involves the following main task: • Creating a NAT address pool |
ACL | ACL Configuration | An access control list (ACL) is used to implement packet filtering based on the configured matching criteria and action of ACL rules. ACL configuration involves the following main tasks: • Creating an ACL • Configuring a basic ACL rule • Configuring an advanced ACL rule • Configuring a Layer 2 ACL rule |
NAT | NAT Configuration | Network Address Translation (NAT) translates an IP address to another IP address for a packet. NAT configuration involves the following main tasks: • Configuring NAT • Configuring one-to-one NAT • Enabling one-to-one NAT • Configuring an internal server |
ASPF policy | ASPF Policy Configuration | Application Specific Packet Filter policies (ASPF policies) are used to define packet processing rules on firewall products. Currently, the system supports configuration and statistics display of ASPF policies between zones. ASPF policy configuration involves mainly the following tasks: • Creating an ASPF policy • Displaying an ASPF policy • Viewing and clearing ASPF policy statistics |
Object-oriented ACL | Object-Oriented ACL Configuration | An object-oriented ACL is used for identifying traffic flows between security zones. Object-oriented ACL configuration involves mainly the following task: • Creating an object-oriented ACL rule |
Virtual fragment reassembly | Virtual Fragment Reassembly Configuration | The virtual fragment reassembly feature can virtually reassemble the fragments of a datagram through fragment check, sequencing and caching to ensure that fragments arrive at each service module in the correct order. If it detects attack fragments, it discards the fragments to protect the device. Virtual fragment reassembly configuration involves mainly the following task: • Configuring virtual fragment reassembly |
Traffic statistics | Traffic Statistics Configuration | Traffic statistics collection is a basic function of a firewall. By viewing traffic statistics, you can obtain the firewall traffic information, collect statistics in cooperation with other software, and audit network traffic behaviors. Traffic statistics configuration involves mainly the following tasks: • Configuring/disabling traffic statistics • Viewing security zone statistics information • Viewing IP statistics information |
Attack detection | Attack Detection Configuration | Attack detection is an important facet of a firewall. A firewall detects attacks by analyzing the contents and behaviors of the packets passing by and acts based on the analysis result. Attack detection configuration involves mainly the following tasks: • Configuring a blacklist • Configuring signature identification • Configuring traffic anomaly detection • Viewing attack detection statistics |
URPF check | URPF Configuration | Unicast reverse path forwarding (URPF) check protects a network against attacks that are based on source address spoofing. URPF check configuration involves mainly the following task: • Configuring URPF check |
Checksum check | Checksum Check | Checksum check is used to check the checksum of protocol packets, such as TCP, UDP and ICMP packets. Checksum check configuration mainly involves the following task: • Enabling checksum check |
TCP proxy | TCP Proxy Configuration | TCP proxy is used to protect a server against SYN Flood attacks. TCP proxy configuration involves mainly the following tasks: • Configuring TCP proxy global parameters • Enabling TCP proxy • Creating an IP entry to be protected |
Dual-system hot backup management | Stateful Failover Configuration | Two security gateways are deployed to back up sessions for each other, to prevent service interruption caused by single point of failure. |
IKE | IKE Configuration | Internet Key Exchange (IKE) provides automatic key negotiation and SA establishment services for IP Security (IPSec), simplifying the application and management of IPSec dramatically. IKE configuration mainly involves the following tasks: • Configuring global IKE parameters • Configuring an IKE proposal • Configuring IKE DPD • Configuring an IKE peer |
IPSec | IPSec Configuration | IPSec refers to a series of protocols defined by the Internet Engineering Task Force (IETF) to provide high quality, interoperable, and cryptography-based security for IP packets. IPSec configuration involves mainly the following tasks: • Configuring an IPSec proposal • Configuring an IPSec policy template • Configuring an IPSec policy • Name of IPSec policy group |
PKI | PKI Configuration | The Public Key Infrastructure (PKI) is a hierarchical framework designed for providing information security through public key technologies and digital certificates and verifying the identities of the digital certificate owners. PKI configuration involves mainly the following tasks: • Requesting a certificate manually • Requesting a certificate automatically |
Log report | Log Report | The log report feature enables you to store the system messages or actions such as packet filtering to the log buffer or send them to the log hosts. Log report configuration mainly involves the following tasks: • Configuring logs • Viewing system operation log information • Viewing connection limit log information • Viewing attack prevention log information • Viewing blacklist log information |
Session log | Session Logging Configuration | The session log feature enables the network administrator to perform security audit. With this feature, the information about user access, IP address translation and user traffic can be logged and the information can be sent in a specified format to the log server. Session log configuration involves mainly the following tasks: • Configuring a log output policy • Configuring a log output threshold |
Forwarding statistics | Frame Forwarding Statistics | The forwarding statistics feature provides forwarding statistics on all Layer 2 interfaces. |
Load balancing | Load Balancing Configuration | Load balancing is a clustering technology of servers and network devices. By balancing specific services such as network services and network traffic among servers and network devices, it can improve the service processing capability and guarantee high service availability. Perform the following tasks to configure load balancing: • Configuring a real service group • Configuring real services • Configuring virtual services • Configuring health monitoring • Enabling last hop information saving |
P2P traffic control | P2P Traffic Control Configuration | P2P traffic control is implemented by combining P2P recognition and QoS traffic control. Perform the following tasks to configure P2P traffic control and verify your configuration: • Loading the P2P signature file • Enabling P2P traffic recognition • Configuring a protocol group • Displaying traffic statistics |
QoS | QoS Configuration | Quality of Service (QoS) is a feature that provides differentiated services based on delay, jitter, and packet loss rate. Perform the following tasks to configure QoS: • Configuring classes • Defining the match criteria • Configuring traffic behaviors • Configuring the actions of the traffic behaviors • Configuring a policy • Defining the mappings between classes and traffic behaviors for the policy • Applying the policy to an interface |