Traffic matched by the nat server command with a port number according to the specified protocol adopted by the USG5000 series

The procedure for changing the port number of the Telnet server on the AR router is as follows: The default port number of the Telnet server is 23. You can run the telnet server port command to configure a new port number for a Telnet server to prevent attackers from accessing the server using the default port.

USG2000 series cannot map ports after the nat server command is executed.

You can configure the UDP port mapping when configuring NAT Server for the USG2000 and USG5000 series. The configuration method is the same as that for TCP port mapping. [USG]nat server protocol udp global 1.1.1.1 10000 inside 2.2.2.2 10000 [USG]disp nat server id : 3 zone : --- interface : --- global-start-addr : 1.1.1.1 global-end-addr : --- inside-start-addr : 2.2.2.2 inside-end-addr : --- global-start-port : 10000(hwcc) global-end-port : --- insideport : 10000(hwcc) globalvpn : public insidevpn : public protocol : udp vrrp : --- no-reverse : no

USG firewalls do not support NAT based on domain names accessed by intranet users. To allow users to access specified websites, you can configure the URL filtering.

The USG firewalls use open port numbers for IPSec NAT traversal. UDP packets with destination port set to 500 or 4500. If no NAT device exists, the port number is set to 500; if the NAT device exists, the port number is set to 4500. IP packets using the AH (port number set to 51) or ESP (port number set to 50).