Whether the interface address of the USG2000 can be set to a private IP address to access the Internet

1

Yes.
The Internet access is supported as long as the interface address experiences NAT.

Other related questions:
Whether the USG6330 interface supports Internet access without a private IP address
Yes. This function is supported as long as you configure the NAT.

Whether the USG2000 and USG5000 can restrict that only certain IP addresses on the intranet can access the Internet
On the web UI, choose Policy > Security Policy > Policy Matching Analysis to check the policy matching information.

Whether the interface address of the firewall can be set to an address in the NAT address pool
When the NAT No-PAT and triplet NAT policies are configured, do not configure the interface address of the firewall as an interface in the NAT address pool, to prevent the impacts on the access to the firewall. If you set the interface address to the public IP address of NAT Server, you cannot manage the firewall using the interface address in web UI or Telnet mode or perform the ping detection on the firewall. If you need to set the interface address to the public IP address of NAT Server and remotely manage the firewall over this interface, you can enable the PAT for NAT Server and configure protocols and port numbers to narrow the address and port number translation scope, thereby avoiding the impacts on the access to the firewall.

Allow specified IP addresses to access the Internet through an interface on an S series switch
You can configure an ACL-based traffic policy and apply the traffic policy to an interface on an S series switch to allow specified IP addresses to access the Internet through the interface. For example, configure GE0/0/1 to allow only the user with the IP address of 1.1.1.2 and prevent all other users to access the Internet. [HUAWEI] acl number 3030 [HUAWEI-acl-adv-3030] rule permit ip source 1.1.1.2 0 [HUAWEI-acl-adv-3030] quit [HUAWEI] acl number 3031 [HUAWEI-acl-adv-3031] rule permit ip [HUAWEI] traffic classifier test1 [HUAWEI-classifier-test1] if-match acl 3030 [HUAWEI] traffic classifier test2 [HUAWEI-classifier-test2] if-match acl 3031 [HUAWEI] traffic behavior test1 [HUAWEI-behavior-test1] permit [HUAWEI] traffic behavior test2 [HUAWEI-behavior-test2] deny [HUAWEI] traffic policy test [HUAWEI-trafficpolicy-test] classifier test1 behavior test1 [HUAWEI-trafficpolicy-test] classifier test2 behavior test2 [HUAWEI] interface gigabitethernet 0/0/1 [HUAWEI-GigabitEthernet0/0/1] traffic-policy test inbound

Whether the public IP address and private IP address can be the same in server mapping mode on the USG6000 series
The public IP address and private IP address configured for NAT Server on the USG6000 series cannot be the same.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top