How to enable the deep security defense function on an AR router

21

By default, the deep security defense function is limited and cannot be used. To use this function, users must obtain a license. Users can contact a branch office of Huawei to apply for and purchase a license.

Other related questions:
Does the deep security defense function of an AR router need a license
Whether the deep security defense function of an AR router needs a license is subject to the router model and software version. For details, see the product manuals of corresponding software versions. For example, for a router with the V200R007 software, choose IPS Configuration > Configuration Notes and URL Filtering Configuration > Configuration Notes in the Security Configuration Guide > Deep Security Defense Configuration through the URL: AR100&AR120&AR150&AR160&AR200&AR1200& AR1600&AR2200&AR3200&AR3600 V200R007 Product Documentation.

How to check whether configured deep security defense security takes effect on an AR router
If the configuration procedure of deep security defense is correct, simulate an attack to verify whether the configured deep security defense takes effect.

Configure attack defense on an AR router
Attack defense mainly defends the CPU against attack packets to ensure that the server can normally run in case of an attack. Attack defense configuration is composed of the following parts: enabling attack defense, (optional) configuring flooding defense parameters, super-large ICMP packet defense parameters, and scan attack defense parameters, and checking configuration result. By default, no type of attack defense is enabled. For details about how to configure attack defense of AR series routers using command lines and through the web NMS, see the URL: AR router configuration attack defense .

How to enable the web function on an AR router
The methods of enabling the web function on an AR router are as follows: Method 1: Default web login 1. Connect a PC to the router over the management interface through a network cable. 2. Configure an IP address for the PC. Configurable network segment: 192.168.1.2~192.168.1.254. 3. Open a browser, enter the URL "https://192.168.1.1" in the address bar, and click Enter to enter the user login page. 4. Enter login information. 5. Configure the router through the web NMS page. Note: If you cannot enter the web NMS page, the software version you use does not support the default web login method. Please try the following method: Method 2: Non-default web login 1. Connect a PC to the router over the CON/AUX interface through a console configuration cable. 2. Enable the terminal emulation software on the PC, create a connection, and set an interface for the connection and other communication parameters. 3. Press Enter until the following information is displayed to remind users of configuring a verification code. 4. Connect a PC to the router over the management interface through a network cable. 5. Configure an IP address for the router for management. 6. Enable the web service. 7. Configure an HTTPS user and a user level. 8. Configure an IP address for the PC. 9. Open a browser, enter the URL "https://192.168.1.1" in the address bar, and click Enter to enter the user login page. 10. Configure the router through the web NMS page.

Enable the firewall functions on an AR router
All configured firewall functions take effect after the firewall functions are enabled in interzones. If an interzone contains the Local zone, to enable the firewall functions to take effect in this interzone, run the ip soft-forward enhance enable command in the system view to enable the IP address enhanced forwarding function of the router. Run the system-view command to access the system view. Run the firewall interzone zone-name1 zone-name2 command to access the interzone view. The zone-name1 and zone-name2 have been created by running the firewall zone command. Run the firewall enable command to enable the firewall functions. By default, the firewall functions of the interzone are not enabled. Run the undo firewall enable command to disable the firewall functions of the interzone. Run the display firewall interzone [ zone-name1 zone-name2 ] command to query information about the interzone.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top