Does an AR record the websites accessed by intranet users


An AR router does not record the websites accessed by intranet users.

Other related questions:
Configure NAT on the AR to permit Internet access and allow external users to access internal servers
Huawei AR routers support outbound NAT and NAT server to allow the intranet users to access the Internet and external users to access internal servers. The figure on the right page shows the networking diagram. Eth2/0/0 on the router connects to the internal network and its intranet IP address is GE3/0/0 on the router connects to the external network and its extranet IP address is The internal server has an internal IP address and an external IP address The internal host with the IP address wants to access the internal server. The configuration details are as follows: 1. Configure IP addresses for interfaces on the router. [Huawei] vlan 100 [Huawei-vlan100] quit [Huawei] interface vlanif 100 [Huawei-Vlanif100] ip address 24 [Huawei-Vlanif100] quit [Huawei] interface ethernet 2/0/0 [Huawei-Ethernet2/0/0] port link-type access [Huawei-Ethernet2/0/0] port default vlan 100 [Huawei-Ethernet2/0/0] quit [Huawei] interface gigabitethernet 3/0/0 [Huawei-GigabitEthernet3/0/0] ip address 24 [Huawei-GigabitEthernet3/0/0] quit 2. Configure a default route with next-hop address on the router. [Huawei] ip route-static 3. Configure outbound NAT in Easy IP mode to allow internal users to access external networks. [Huawei] acl 2000 [Huawei-acl-basic-2000] rule 5 permit source [Huawei-acl-basic-2000] quit [Huawei] interface gigabitethernet 3/0/0 [Huawei-GigabitEthernet3/0/0] nat outbound 2000 4. Configure the NAT server to allow external users to access the internal servers. [Huawei] interface gigabitethernet 3/0/0 [Huawei-GigabitEthernet3/0/0] nat server protocol tcp global www inside 8080 [Huawei-GigabitEthernet3/0/0] quit Note: The command that configures the NAT server function takes effect on Layer 3 interfaces, excluding Loopback and NULL interfaces.

How does an AR limit intranet users to access the network
An AR can be configured with a traffic policy to limit intranet users to access the network.
If an intranet user uses the static IP address, a traffic policy can be configured to deny the intranet user. If a terminal device obtains an IP address using DHCP, the IP address of the terminal device that is limited to access the network needs to be determined.
This prevents the impact on other users' Internet access after the address is released and allocated to other terminals.
The configuration roadmap is as follows:
Create an ACL and configure rules that match the IP or MAC addresses of users who are limited to access the network (ensure that users are connected to the router directly or through a switch). For example:
Create an ACL based on IP addresses.
[Huawei] acl 3000  //Create ACL 3000
[Huawei-acl-adv-3000] rule permit ip source   //Match terminal of the intranet.
[Huawei-acl-adv-3000] rule permit ip source  //Match terminal of the intranet.
Create a traffic classifier that matches acl 3000.
[Huawei] traffic classifier c1
[Huawei-classifier-c1] if-match acl 3000
Create a traffic behavior to limit the matched IP address to access the network.
[Huawei] traffic behavior b1
[Huawei-behavior-b1] deny 
Create a traffic policy and bind the traffic classifier and traffic behavior to the traffic policy.
[Huawei] traffic policy test 
[Huawei-trafficpolicy-test] classifier c1 behavior b1
Apply the traffic policy test to the interface.
[Huawei] interface GigabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/1] traffic-policy test inbound 
Using the same method to match source MAC addresses except for creating an ACL. For example, permit users with the intranet MAC address 1122-1122-1122 to access the network.
[Huawei] acl 4000 //The Layer 2 ACL number must be in the range 4000 to 4999.
[Huawei-acl-L2-4000] rule permit source-mac 1122-1122-1122
Use the preceding profile to perform other configurations.

Can an AR prevent users from accessing websites
AR150&160&200&1200 and AR2200 (AR2201 and AR2202) series routers do not support deep security defense, which means URL filtering is not supported. URL filtering can only be applied to HTTP URLs.

Whether the USG2000 series records websites accessed by a user
The USG2000 series records only websites in compliance with the URL audit log configuration instead of all websites accessed by a user.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top