Configuring global NAT ALG through the CLI on the USG6000

4

To simplify configurations, the USG6000 series supports configuring the global NAT ALG function. Enabling the global ASPF function equals to enabling the interzone and intrazone NAT ALG functions. The global NAT ALG function and interzone/intrazone NAT ALG function are logically ORed. Select one of them as required.
For example, configure the global NAT ALG function to detect FTP traffic.
system-view
[sysname] firewall detect ftp

Other related questions:
Configuring interzone NAT ALG through the CLI on the USG6000
The USG6000 series supports configuring interzone NAT ALG through the CLI. For example, enable the NAT ALG function for the FTP protocol in the interzone between the Trust zone and the Untrust zone. system-view [sysname] firewall interzone trust untrust [sysname-interzone-trust-untrust] detect ftp For details, see the USG6000 series product documentation.

Configuring intrazone NAT ALG through the CLI on the USG6000
The USG6000 series supports configuring intrazone NAT ALG through the CLI. For example, enable the NAT ALG function for the FTP protocol in the Trust zone. system-view [sysname] firewall zone trust [sysname-zone-trust] detect ftp For details, see the USG6000 series product documentation.

Configuring global ASPF through the CLI on the USG6000
To simplify configurations, the USG6000 series supports configuring the global ASPF function. Enabling the global ASPF function equals to enabling the interzone and intrazone ASPF functions. The global ASPF function and interzone/intrazone ASPF function are logically ORed. Select one of them as required. For example, configure the global ASPF function to detect FTP traffic. system-view [sysname] firewall detect ftp

Configuring intrazone ASPF through the CLI on the USG6000
The USG6000 series supports configuring the intrazone ASPF function through the CLI. For example, enable the ASPF function for the FTP protocol in the Trust zone. system-view [sysname] firewall zone trust [sysname-zone-trust] detect ftp The protocol types that can be detected in the intrazone view include DNS, FTP, H.323, ILS, MGCP, MMS, MSN, NetBIOS, PPTP, QQ, RTSP, SIP, and SQL.NET.

How do I configure NAT ALG
On a Huawei AR router, you can run the nat alg { all | protocol-name } enable command to enable NAT ALG for an application protocol. After NAT ALG for an application protocol is enabled, packets of the application protocol can traverse the NAT device. Note: In the command, all indicates that NAT ALG is enabled for DNS, FTP, SIP, PPTP, and RSTP. protocol-name indicates that NAT ALG is enabled for a specified protocol. The value can be dns, ftp, sip, pptp, or rtsp. The AR510 does not support NAT ALG for SIP.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top