DDNSs supported by the USG2000&5000 series

18

The USG2000&5000 series devices support the updated DDNS function through the DDNS server. The device serves as the DDNS client and dynamically updates the mapping between the domain name and IP address on the DNS server through the DDNS server to ensure that the correct IP address is obtained after domain name resolution.

Other related questions:
Whether the USG2000&5000 series supports threshold learning
No.

Whether the USG2000&5000 series supports TCP proxy defense
Yes. By default, the TCP proxy function is disabled.

Defining services for the USG2000&5000 series
The USG2000&5000 series supports defining services using the web UI or CLI. Service can be used as a security policy matching condition. The system has a predefined service set, and you can define services by specifying such information as the port. Defining services using the web UI: Choose Firewall > Service > User-defined Service and click Create in User-defined Service List. Enter or select service information, including the name, description, and protocol, and click Apply. Defining services using the CLI: 1. Run the ip service-set service-set-name type object [ vpn-instance vpn-instance-name ] command in the system view to create a service set and access its view. 2. Add members to this service set. a. Run the service [ id ] protocol { udp | tcp | sctp } [ source-port { src-port-number-1 [ to src-port-number-2 ] } &<1-64> | destination-port { dst-port-number-1 [ to dst-port-number-2 ] } &<1-64> ] * [ description description ] command to specify protocol types, such as TCP, UDP, or SCTP, by port number ranges. b. Run the service [ id ] protocol icmp [ icmp-type { icmp-name | icmp-type-number icmp-code-number } ] [ description description ] command to specify the ICMP message type or code. c. Run the service [ id ] protocol protocol-number [ description description ] command to specify the protocol field value in IP packet headers to specify the protocol type. 3. Run the description text command to configure the service set description.

Whether the USG2000&5000 support capturing packets
You can enable the packet capture function on the USG2000&5000 as follows: 1. Configure the packet capture queue. [USG] packet-capture all-packet queue 0 interface GigabitEthernet 0/0/1 2. Enable the packet capture function. [USG] packet-capture startup manual 3. Save packets in the specified queue as file 1.cap on the device. The default directory is hda1:/. [USG] packet-capture queue 0 to-file 1.cap 4. Use FTP to download file 1.cap from the device, use the packet capture software to open the file, and analyze the captured packets. 5. Clear the packet capture queue and release the memory. After confirming that the host has completed receiving the packets, delete all packets from the queue. reset packet-capture queue 0

Configuring an address set for the USG2000&5000 series
The USG2000&5000 series supports configuring an address set using the web UI or CLI. An address set can contain IP addresses, network segments, IP address ranges, and MAC addresses and be contained in another address set. Configuring an address set using the web UI: Choose Firewall > Address > Address Set and then click Create in Address Set List. Enter or select the address set name and description, reference the address or address set, configure the IP address, and click Apply. Configuring an address set using the CLI: 1. Run the ip address-set address-set-name [ type { object | group } | vpn-instance vpn-instance-name ] * command in the system view to create an address set and access its view. 2. Run the address [ id ] { ip-address { 0 | wildcard | mask { mask-address | mask-len } } | range start-ip-address end-ip-address | address-set address-set-name | mac-address } [ description description ] command to add a member to this address set. You can run this command repeatedly to add multiple members to this address set. 3. Run the description text command to configure the address set description.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top