Method of generating a blacklist of a firewall on an AR router


Sources of blacklists include:
- Manually configured static blacklists
- Dynamic blacklists generated due to scan attacks

Other related questions:
Blacklist generation method
Sources of blacklists include: 1. Manually configured static blacklists 2. Dynamic blacklists generated due to scan attacks

Configure security features of a virtual firewall on an AR router
The procedure of configuring security features for a virtual firewall is the same as that of configuring for a common firewall. Each firewall must be separately deployed to meet different firewall service requirements. Security features that can be configured include: packet filtering firewall, ASPF, port mapping, session table aging time, and attack defense. Before configuring the following features, specify a VPN instance: manually adding a blacklist/whitelist and configuring ICMP/SYN/UDP flooding defense. The configured features take effect to the firewall only according to the specified VPN instance. For details about the command for configuring security features of a virtual firewall, see the URL: The AR router configures the security features of the virtual firewall .

Configure a blacklist of an AR router
A blacklist can be manually configured. After the address scan and port scan functions of the attack defense module are enabled on an AR router, an IP address (or an interface) for which the packet rate exceeds a set value can be automatically added into a blacklist to shield packets sent from this IP address (or through this interface) as the router considers the rate excess as a scan attack. To configure a blacklist, do as follows: Run the system-view command to access the system view. [Huawei] firewall blacklist enable //Enable the blacklist function. By default, the blacklist function is not enabled. Blacklist entries can be added one by one or in batches. [Huawei] firewall blacklist ip-address [ vpn-instance vpn-instance-name ] [ expire-time minutes ] //Add blacklist entries one by one. Note: Blacklist entries without specified aging time will be written into a configuration file, while those with specified aging time will not. Run the display firewall blacklist command to check the blacklist entries without specified aging time. [Huawei] firewall black-white-list load configuration-file configuration-file-name //Load the configuration file of the blacklist/whitelist. Note: By loading the configuration file of the blacklist/whitelist, blacklist entries can be configured in batches. This configuration file must be configured in advance, and it supports only the text format. For details about how to configure the blacklist function of AR series routers using command lines and through the web NMS, see the URL: AR router configuration blacklist.

What are types of blacklists (firewall)
There are two types of blacklists: -Static blacklists that are configured manually. -Dynamic blacklist that are generated when the system detects scanning attacks.

Does an AR router support the firewall function
All AR series routers support the firewall function.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top