Configuring the global router ID on the firewall

2

Perform as follows to configure the global router ID on the firewall:
In the configuration of a global router ID, you must ensure that it is different from all other router IDs. Generally, you can set the router ID to be same as the IP address of a router interface.
1. Run the system-view command to access the system view.
2. Run the router id router-id command to configure the global router ID.
By default, the global router ID is not configured.
3. Run the display router id command to display the configured router ID.

Other related questions:
How to configure the firewall global router ID number?
Configure the firewall global router ID number as follows: When configuring the global router ID, you must ensure that the router ID is different from that on the network. The usual way is to configure the router ID to match the IP address of an interface of the router. 1. Run: system-view The system view is displayed. 2. Run: router id router-id The global router ID is configured. By default, no global router ID is configured. 3. Run the display router id command to view the configured router ID.

Configuring virtual routers on the firewall
Perform as follows to configure virtual routers on the firewall: You can configure a virtual router to isolate VPN routes. 1. Choose Network > Route > Virtual Route. 2. In Virtual Router List, click Add. 3. Enter the name of the virtual router to be created. 4. Click OK. If the new virtual router entry is displayed, the operation succeeds.

Is the MPLS VPN RD of the AR router globally unique
A VPN-IPv4 address consists of 12 bytes. The first 8 bytes represent the RD and the last 4 bytes represent the IPv4 address prefix. The RDs are used to distinguish IPv4 prefixes with the same address space. IPv4 addresses with RDs are VPN-IPv4 addresses (VPNv4 addresses). After receiving IPv4 routes from a CE, a PE converts the routes to globally unique VPN-IPv4 routes and advertises the routes on the public network. Each service provider can independently allocate RDs . When CEs are dual-homed to PEs, RDs must be globally unique to ensure correct routing.

Configure the ASPF firewall on an AR router
The application specific packet filter (ASPF) firewall can detect and filter FTP, HTTP, SIP, and RTSP packets on the application layer. The ASPF firewall filters packets on the application layer based on status. This firewall can detect application layer session information that attempts to pass the firewall, and prevent packets that do not match rules from passing the firewall. After the ActiveX Blocking is configured, the ASPF will block the ActiveX that is transmitted over HTTP, preventing users from installing insecure or malicious controls. After the Java Blocking is configured, the ASPF will block requests that are sent in order to obtain programs containing the Java Applet from web pages. In the system view: 1. Run the firewall interzone zone-name1 zone-name2 command to access the interzone view. 2. In V200R006 and earlier versions, run the detect aspf { all | ftp | http [ activex-blocking | java-blocking ] | rtsp | sip } command to configure the ASPF firewall. In V200R007, run the detect aspf { ftp | rtsp | sip } command to configure the ASPF firewall. Most of the application layer protocols have bidirectional interaction processes. Therefore, during ASPF configuration, ignore directions, and the router automatically checks the status of inbound and outbound packets. By default, the ASPF firewall is not configured for the interzone. 3. Check the configuration result. Run the display firewall interzone [ zone-name1 zone-name2 ] command to query ASPF information about the interzone.

Configure VPN instances on an AR router to configure virtual firewalls
A virtual firewall is implemented by configuring a VPN instance. A VPN instance corresponds to one virtual firewall. Before configuring a virtual firewall, create a VPN instance first, and then bind an interface with the VPN instance. Interfaces that have the same VPN instance belong to a same virtual firewall, and security policies can be deployed separately for the virtual firewall. Operation procedure Run the system-view command to access the system view. Run the ip vpn-instance vpn-instance-name to create a VPN instance and access the VPN instance view. (Optional) Run the description description-information command to record the descriptive information of the VPN instance. Run the route-distinguisher route-distinguisher command to configure a routing label for the VPN instance. After a VPN instance is created, specify a routing label for the VPN instance; otherwise, subsequent configuration cannot be performed. Run the interface interface-type interface-number command to access the interface view. Run the ip binding vpn-instance vpn-instance-name command to bind an interface with the VPN instance. Bind an interface with the VPN instance, and then configure an IP address for the interface. Otherwise, the configured IP address will be deleted, and you will need to reconfigure an IP address for the interface. Run the ip address ip-address { mask | mask-length } command to configure an IP address for the interface.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top