Configuring virtual routers on the firewall

You can configure a virtual router to isolate VPN routes.
To configure virtual routers on the firewall, perform the following steps:
1. Choose Network > Route > Virtual Route.
2. In Virtual Router List, click Add.
3. Enter the name of the virtual router to be created.
4. Click OK.
If the new virtual router entry is displayed, the operation succeeds.

Other related questions:
Configure security features of a virtual firewall on an AR router
The procedure for configuring security features on a virtual firewall is the same as that for a common firewall. Each firewall must be deployed separately to meet its own service requirements. Security features that can be configured include: packet filtering firewall, ASPF, port mapping, session table aging time, and attack defense. Before configuring the following features, specify a VPN instance: manually adding a blacklist/whitelist, and configuring ICMP/SYN/UDP flooding defense. The configured features take effect only on the firewall that corresponds to the specified VPN instance. For details about the commands for configuring security features of a virtual firewall, see: The AR router configures the security features of the virtual firewall.

Configure VPN instances on an AR router to configure virtual firewalls
A virtual firewall is implemented by configuring a VPN instance. One VPN instance corresponds to one virtual firewall. Before configuring a virtual firewall, create a VPN instance first, and then bind an interface to the VPN instance. Interfaces that are bound to the same VPN instance belong to the same virtual firewall, and security policies can be deployed separately for each virtual firewall.
Operation procedure
1. Run the system-view command to access the system view.
2. Run the ip vpn-instance vpn-instance-name command to create a VPN instance and access the VPN instance view.
3. (Optional) Run the description description-information command to record the descriptive information of the VPN instance.
4. Run the route-distinguisher route-distinguisher command to configure a routing label for the VPN instance. After a VPN instance is created, specify a routing label for it; otherwise, subsequent configuration cannot be performed.
5. Run the interface interface-type interface-number command to access the interface view.
6. Run the ip binding vpn-instance vpn-instance-name command to bind the interface to the VPN instance. Bind the interface to the VPN instance first, and then configure an IP address for the interface. Otherwise, the configured IP address will be deleted, and you will need to reconfigure an IP address for the interface.
7. Run the ip address ip-address { mask | mask-length } command to configure an IP address for the interface.
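
The two ordering rules in the procedure above (a VPN instance needs a route-distinguisher before it can be used, and an IP address set before ip binding vpn-instance is deleted) can be checked against a planned command sequence before it is typed into the device. The following is an added example, not Huawei code; the instance names, RD value, interface names and addresses are constructed sample values, and check_plan is a hypothetical helper.

```python
import re

# Constructed command plan (names, RD values and addresses are sample values).
PLAN = """system-view
ip vpn-instance vfw-a
 route-distinguisher 100:1
quit
ip vpn-instance vfw-b
quit
interface GigabitEthernet0/0/1
 ip binding vpn-instance vfw-a
 ip address 10.1.1.1 24
quit
interface GigabitEthernet0/0/2
 ip address 10.2.2.1 24
 ip binding vpn-instance vfw-a
quit
interface GigabitEthernet0/0/3
 ip binding vpn-instance vfw-b
quit""".splitlines()

def check_plan(commands):
    """Return (findings, members): problems found, interfaces per VPN instance."""
    has_rd, members, addressed, findings = {}, {}, set(), []
    view = None  # ("vpn", name), ("if", name) or None for the system view
    for cmd in map(str.strip, commands):
        if m := re.fullmatch(r"ip vpn-instance (\S+)", cmd):
            view = ("vpn", m.group(1))
            has_rd.setdefault(m.group(1), False)
        elif m := re.fullmatch(r"interface (\S+)", cmd):
            view = ("if", m.group(1))
        elif cmd == "quit":
            view = None
        elif view and view[0] == "vpn" and cmd.startswith("route-distinguisher "):
            has_rd[view[1]] = True
        elif view and view[0] == "if" and cmd.startswith("ip address "):
            addressed.add(view[1])
        elif view and view[0] == "if" and (m := re.fullmatch(r"ip binding vpn-instance (\S+)", cmd)):
            ifname, inst = view[1], m.group(1)
            if not has_rd.get(inst):
                findings.append(f"{ifname}: {inst} is missing or has no route-distinguisher")
                continue
            if ifname in addressed:  # binding removes an address set earlier
                findings.append(f"{ifname}: IP address set before binding will be deleted")
                addressed.discard(ifname)
            members.setdefault(inst, []).append(ifname)
    return findings, members

if __name__ == "__main__":
    for finding in check_plan(PLAN)[0]:
        print(finding)
```

The members mapping it returns lists which interfaces end up in which virtual firewall, which is the isolation boundary to review before deploying per-firewall security policies.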

Problem and solution when the USG6000 virtual system cannot be configured
Check the permissions of the administrator account used for login. If you use the root system administrator account to configure the virtual system, the level of that account must be system administrator. If you use a virtual system administrator account to configure the virtual system, the level of that account must be system administrator, or configuration administrator with read and write permissions. To configure the administrator account, choose System > Admin > Administrator Role.

Configuring an SSL VPN virtual gateway on the firewall
Configuring virtual gateways on the USG
1. system-view
2. v-gateway v-gateway-name { ip-address | interface interface-type interface-number } [ port port-number ] { private [ domain-name ] | public domain-name } //Create a virtual gateway. A private gateway is in exclusive mode, and a public gateway is in shared mode.
3. quit
4. v-gateway v-gateway-name ip address ip-address [ port port-number ] //Assign an IP address and a port number to the virtual gateway.
   Exclusive virtual gateway:
   v-gateway v-gateway-name ip address ip-address [ port port-number ] command: If the entered IP address is the existing IP address of the virtual gateway, this command changes the virtual gateway port number. If the entered IP address is not the IP address of the virtual gateway, this command adds the virtual gateway IP address.
   The undo v-gateway v-gateway-name ip address ip-address command deletes the IP address of the virtual gateway.
   The v-gateway v-gateway-name ip address old-ip-address new-ip-address [ port port-number ] command changes the IP address of the virtual gateway.
   Shared virtual gateway:
   v-gateway v-gateway-name ip address ip-address [ port port-number ] command: If the entered IP address is the existing IP address of the virtual gateway, this command changes the virtual gateway port number. If the entered IP address is not the IP address of the virtual gateway, this command changes the virtual gateway IP address.
   You cannot run the undo v-gateway ip address command to delete the IP address of the virtual gateway.
   The v-gateway v-gateway-name ip address old-ip-address new-ip-address [ port port-number ] command changes the IP address of the virtual gateway.
   If a port bound to the IP address of the virtual gateway is used for other purposes (such as web management or SSH login), the port cannot be configured as the port of the virtual gateway.
5. v-gateway v-gateway-name interface interface-type interface-number [ port port-number ] //Modify the virtual gateway interface.
6. v-gateway v-gateway-name domain domain-name //Modify the virtual gateway domain name.
7. v-gateway v-gateway-name http-redirect enable //Configure the HTTP redirection function of the virtual gateway.
8. v-gateway v-gateway-name max-user max-user //Modify the maximum number of virtual gateway users. Its default value is 1.
9. v-gateway v-gateway-name cur-max-user cur-max-user //Modify the maximum number of concurrent users of the virtual gateway.
10. v-gateway v-gateway-name max-resource max-resource //Modify the maximum number of resources on the virtual gateway. Its default value is 1.

Configuring virtual firewalls for the USG2000&5000 series
This section provides an example for configuring multiple virtual firewalls (or VPN instances) on the USG to provide relatively independent services to multiple small-scale private networks. These virtual firewalls share the hardware but have the data mutually isolated to guarantee respective independence and security. For configuration details, search for "Example for Configuring Virtual Systems" in the product documentation.
