what the purpose of the USG2000 and USG5000 series equipment configured IP-Link

1

IP-Link is mainly used for automatic detection of the normal link or not, can be detected with the FW is not directly linked to the state of the link, to ensure business continuity.

Other related questions:
Purposes of the Link-Group on the USG2000 and USG5000
The Link-Group ensures the state consistency of physical interfaces in a group and accelerates the route convergence speed upon link failures.

IP-Link purposes on the USG
IP-Link is mainly used to automatically detect whether a service link is normal. It can be used to detect the status of a link that is not directly connected to the firewall to ensure service continuity.

IP-Link definition on the USG
IP-Link indicates the link accessibility check. The firewall periodically sends ICMP echo requests or ARP requests to the specified destination IP address and waits for responses. If no response is received with the specified period of time, the firewall considers that the current link is faulty and performs subsequent link-related operations. If the firewall receives three consecutive responses over the original link within the subsequently-specified period of time, the firewall considers that the link fault is eliminated and performs subsequent link recovery-related operations.

Configuring IPS for the USG2000 and USG5000
Configure IPS on the USG2000 or USG5000. The procedure is as follows: 1. Configure global IPSec parameters. system-view //Access the system view. ips enable //Enable the IPS function. system-view //Access the system view. ips mode { protective | warning } //Configure the IPS operating mode. 2. Configure the IPS signature, upgrade the predefined signature, or configure a custom signature. The procedure for configuring a custom signature is as follows: ips signature signature-id //Create a custom IPS signature and access the IPS signature view. a. name name //Configure the name of the custom IPS signature. b. protocol protocol-name [ [ severity { informational | notification | warning | error | critical } ] | [ direction { to-server | to-client | any } ] | [ source-ip { any | ip-address mask } ] | [ source-port { any | port-number | high | low } ] | [ destination-ip { any | ip-address mask } ] | [ destination-port { any | port-num | high | low } ] | [ offset { { packet | stream } offset-value | any } ] | [ max-stream-len { stream-len | any } ] ] * //Configure the protocol, severity, and direction of the custom IPS signature. c. regex regex //Configure the description of behavioral characteristics of attacks. 3. Configure the IPS policy. ips policy policy-name //Access the IPS policy view. signature-set signature-set-name //Create a signature set and access the signature set view. direction enable //Enable the function of filtering signatures in the signature set based on signature directions. direction { { to-server | to-client | any } * | all } //Add signatures of the specified direction to the signature set. severity enable //Enable the function of filtering signatures in the signature set based on signature severities. severity { above | below } { informational | notification | warning | error |critical } //Add signatures of the specified severity to the signature set. reliability enable //Enable the function of filtering signatures in the signature set based on signature reliability. reliability { above | below } { low | medium | high } //Add signatures of the specified reliability to the signature set. protocol enable //Enable the function of filtering signatures in the signature set based on protocols. protocol { protocol-name &<1-10> | all } //Add signatures of the specified protocol to the signature set. protocol enable //Enable the function of filtering signatures in the signature set based on categories. category mode { or | and } //Configure the matching mode for categories in the signature set. category { category-name &<1-10> | all } //Add signatures of the specified category to the signature set. signature-set [ enable ] action { alert | block } //Configure the enabling status and response mode of the signature set. signature-set move signature-set-name1 { before | after } signature-set-name2 //Modify the priority of the signature set. ips policy policy-name //Create an IPS policy named policy-name. override-signature signature-id enable action { block | alert } //Enable signature overriding and configure the response mode. 4. Apply the IPS policy. policy zone zone-name //Access the intra-zone firewall policy view. policy interzone zone-name1 vpn-instance vpn-instance-name zone-name2 { inbound | outbound }, //Access the inter-zone firewall policy view. policy policy-id //Create a firewall policy and access the policy ID view. action permit //Configure the action of the firewall policy to permit. policy ips ips-policy //Apply the IPS policy.

Link-Group definition on the USG2000 and USG5000
The Link-Group function can bind the states of multiple interfaces as a logical group. When any interface in the group is faulty, the system sets the state of other interfaces in the group as Down. After all interfaces in the group resume to be normal, the system sets the state of the interfaces in the entire group to Up again.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top