Whether different ports can be used to configure the port mapping for USG firewalls

8

Yes. You must ensure that the ports do not conflict with each other.

Other related questions:
The USG firewall configures the SSL VPN port for forwarding
The USG firewall configures the SSL VPN port for forwarding The port forwarding service is a secure application that provides TCP-based applications and is a non-Web application. Port forwarding controls user access at the application level to control the availability of services for various applications. Before the configuration to ensure that the license file has been loaded, the USG can access the internal network resources. Configuration step: 1. In the USG to create a virtual gateway, external network users through this virtual gateway to access the enterprise network resources. 2. Configure the DNS server address and domain name of the internal network so that users can access the virtual gateway's service through the domain name. 3. Configure the port forwarding function. 4. Configure the server to add users who need access to the relevant groups. 5. Configure the authentication and authorization function on the firewall. 6. Configure Group Policy to allow group users to access the associated server. 7. Configure the user destination IP policy to restrict users from accessing other intranet resources.

Whether L2TP registration port 1701 can be modified on the USG2000 or USG5000
The L2TP communication port 1701 cannot be modified on the USG2000 or USG5000.

Whether the optical and electrical combo ports can be simultaneously used on the firewall
The optical and electrical combo ports cannot be simultaneously used on the USG2000&5000&6000. By default, the combo port works as the electrical port. To use the combo port as the optical port, you must specify its working status.

Can the PSTN port and the network ports of the MC850 be used simultaneously?
The PSTN port and the network ports of the MC850 cannot be used simultaneously. The PSTN port is mainly used for regeneration. The endpoint cannot place PSTN calls unless the network cable is disconnected first.

How to configure all-port mapping on the AR

Procedure

# Configure the NAT server on a public network interface to map all TCP ports with public IP address 1.1.1.1 to all ports with private IP address 192.168.0.1.

<Huawei> system-view
[Huawei] interface gigabitethernet 1/0/0
[Huawei-GigabitEthernet1/0/0] nat server protocol tcp global 1.1.1.1 inside 192.168.0.1

More information

If an enterprise has two or more allocatable public IP addresses and an internal server needs to provide services for public network users, all-port mapping can be configured for one public IP address. If you do not specify the range of port numbers open to public network users in the nat server command, all ports of the internal server are mapped to the same public IP address. That is, the server provides all types of services to public network users using all ports with the public IP address. If the IP address of a public network interface is used to provide services to public network users, configuring all-port mapping on this interface will cause failures of public network users to access the web interface or other services on the AR router, because all port numbers associated with the IP address are mapped to the internal server. Therefore, if only one public IP address is available, you are advised to configure mapping of specific port numbers. All-port mapping allows multiple ports to be mapped at one time, but this configuration lowers the network security because all ports are open to the public network.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top