Can an AR filter traffic based on the domain name?

An AR can filter traffic based on the domain name. Configure an ACL to match the domain name, then configure a traffic policy that references the ACL to limit access.
The following describes how to configure an ACL to match the domain name (the domain name is www.huawei.com):
[Huawei] acl 6000
[Huawei-acl-ucl-6000] rule permit ip destination passthrough-domain www.huawei.com

Other related questions:
Does an AR support access to the SSL VPN gateway using a domain name?
In V200R002C00SPC200 and later versions, the AR supports access to the SSL VPN gateway using a domain name.

Do the USG2000 and USG5000 series support NAT based on domain names accessed by intranet users?
USG firewalls do not support NAT based on domain names accessed by intranet users. To allow users to access specified websites, you can configure URL filtering.

Configure the traffic-filter command to filter packets
On Eth2/0/0, you can configure packet filtering based on an ACL that permits packets with source IP address 192.168.0.2/32 as follows:
<Huawei> system-view
[Huawei] acl 3000
[Huawei-acl-adv-3000] rule 5 permit ip source 192.168.0.2 0
[Huawei-acl-adv-3000] quit
[Huawei] interface ethernet 2/0/0
[Huawei-Ethernet2/0/0] traffic-filter inbound acl 3000

Can a traffic classifier on an AR be used to match the packet length?
A traffic classifier on an AR cannot be used to match the packet length.

Configure the ACL-based packet filtering firewall on an AR router
The packet filtering firewall filters packets based on a configured ACL. When data flows between two security zones, the packet filtering firewall applies filter policies according to the ACL rules.
In the system view:
1. Run the acl [ number ] acl-number [ match-order { config | auto } ] command to create an ACL and access the ACL view.
   Note: The ACLs that can be used by the packet filtering firewall include basic ACLs and advanced ACLs.
2. Run the rule command in the ACL view to configure ACL rules.
3. Run the quit command to return to the system view.
4. Run the firewall interzone zone-name1 zone-name2 command to access the interzone view.
5. Run the packet-filter acl-number { inbound | outbound } command to configure the ACL-based packet filtering firewall.
The ACL-based packet filtering firewall configured for an interzone can be applied separately to the inbound and outbound directions.
For details about the commands for configuring the ACL-based packet filtering firewall of AR series routers, see: The AR router configures the ACL packet filtering firewall.
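
A worked instance of the steps above, added here as an illustration and not taken from Huawei's documentation. It assumes security zones named trust and untrust already exist with interfaces assigned and the firewall enabled between them; the zone names, ACL number 3000 and the host address (reused from the traffic-filter answer above) are assumptions.

```text
<Huawei> system-view
[Huawei] acl 3000
[Huawei-acl-adv-3000] rule 5 permit ip source 192.168.0.2 0
[Huawei-acl-adv-3000] rule 10 deny ip
[Huawei-acl-adv-3000] quit
[Huawei] firewall interzone trust untrust
[Huawei-interzone-trust-untrust] packet-filter 3000 outbound
[Huawei-interzone-trust-untrust] quit
```

Rule 10 makes the default explicit: in the outbound direction of this interzone only 192.168.0.2 is permitted, and all other IP traffic matches the deny rule.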
