How do I configure the NAT log output on the AR router


NAT logs are generated when the AR performs address translation. The logs record the source IP address, source port, destination IP address, destination port, and translated source IP address and source port, as well as user actions and timestamp. The configuration is as follows:
[Huawei] firewall log session enable //Enables the log function on the firewall. [Huawei] firewall log session nat enable //Enables the NAT session log function. Run the following commands to output logs to the log host or session log host:
1. Configure the device to use channel6 to send information to the log host at
[Huawei] info-center enable
[Huawei] info-center loghost channel channel6
2. Configure a binary log server whose IP address is and port number is 3456. Set the IP address and port number of the remote device to and 20000 respectively.
[Huawei] firewall log binary-log host 3456 source 20000

Other related questions:
How do I query the Log of an AR router?
The Log can be queried through the following Web site:

How do I connect the NAT server on the AR router to two uplinks
A Huawei AR router provides dual egresses of the NAT server. The web server uses internal IP address and port 8080. The IP address of GE2/0/0 (outbound interface) on the router is, and the IP address of GE3/0/0 is The configuration is as follows: 1. Assign IP addresses to interfaces on the router. [Huawei] interface Ethernet0/0/0 [Huawei-Ethernet0/0/0] ip address 24 [Huawei-Ethernet0/0/0] quit [Huawei] interface GigabitEthernet2/0/0 [Huawei-GigabitEthernet2/0/0] ip address 24 [Huawei-GigabitEthernet2/0/0] quit [Huawei] interface GigabitEthernet3/0/0 [Huawei-GigabitEthernet3/0/0] ip address 24 [Huawei-GigabitEthernet3/0/0] quit 2. Configure the NAT server and outbound NAT in Easy IP mode on GE2/0/0 and GE3/0/0. [Huawei] acl number 2000 [Huawei-acl-basic-2000] rule 5 permit source [Huawei-acl-basic-2000] quit [Huawei] interface GigabitEthernet2/0/0 [Huawei-GigabitEthernet2/0/0] nat server protocol tcp global www inside 8080 [Huawei-GigabitEthernet2/0/0] quit [Huawei] interface GigabitEthernet3/0/0 [Huawei-GigabitEthernet3/0/0] nat server protocol tcp global www inside 8080 [Huawei-GigabitEthernet3/0/0] nat outbound 2000 [Huawei-GigabitEthernet3/0/0] quit

How do I configure NAT on the AR router to map the intranet VPN
You can configure NAT on the AR router to enable users in different VPNs to access external networks through the same egress. In this situation, users in VPNs where IP addresses overlap can access hosts on external networks simultaneously. Run the nat overlap-address map-index overlappool-startaddress temppool-startaddress pool-length length [ inside-vpn-instance inside-vpn-instance-name ] command to map VPNs of the internal network.

Is the network disconnected after the ACL in the NAT configuration of the AR router is modified
To modify an ACL that is associated with the IP address of an outbound interface, you must first run the undo nat outbound acl-number command to disassociate the ACL from the IP address, resulting in network interruption.

How do I view the NAT session table on the AR router
Run the display nat session all command to check NAT session table information.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top