Permitting video conference traffic on the USG2000 and USG5000


Permit interzone traffic on the USG2000 and USG5000 based on the specific protocol and port.

Other related questions:
Permitting traffic of certain ports on the USG2000
For the access to the intranet, use a security policy to permit the corresponding port number.

Permitting all forwarding policies on the USG2000 and USG5000
You can set the action to permit or deny when you configure a forwarding policy.

Configuring IPS for the USG2000 and USG5000
Configure IPS on the USG2000 or USG5000. The procedure is as follows:
1. Configure global IPS parameters.
   system-view //Access the system view.
   ips enable //Enable the IPS function.
   system-view //Access the system view.
   ips mode { protective | warning } //Configure the IPS operating mode.
2. Configure the IPS signature, upgrade the predefined signature, or configure a custom signature. The procedure for configuring a custom signature is as follows:
   ips signature signature-id //Create a custom IPS signature and access the IPS signature view.
   a. name name //Configure the name of the custom IPS signature.
   b. protocol protocol-name [ [ severity { informational | notification | warning | error | critical } ] | [ direction { to-server | to-client | any } ] | [ source-ip { any | ip-address mask } ] | [ source-port { any | port-number | high | low } ] | [ destination-ip { any | ip-address mask } ] | [ destination-port { any | port-num | high | low } ] | [ offset { { packet | stream } offset-value | any } ] | [ max-stream-len { stream-len | any } ] ] * //Configure the protocol, severity, and direction of the custom IPS signature.
   c. regex regex //Configure the description of behavioral characteristics of attacks.
3. Configure the IPS policy.
   ips policy policy-name //Access the IPS policy view.
   signature-set signature-set-name //Create a signature set and access the signature set view.
   direction enable //Enable the function of filtering signatures in the signature set based on signature directions.
   direction { { to-server | to-client | any } * | all } //Add signatures of the specified direction to the signature set.
   severity enable //Enable the function of filtering signatures in the signature set based on signature severities.
   severity { above | below } { informational | notification | warning | error | critical } //Add signatures of the specified severity to the signature set.
   reliability enable //Enable the function of filtering signatures in the signature set based on signature reliability.
   reliability { above | below } { low | medium | high } //Add signatures of the specified reliability to the signature set.
   protocol enable //Enable the function of filtering signatures in the signature set based on protocols.
   protocol { protocol-name &<1-10> | all } //Add signatures of the specified protocol to the signature set.
   protocol enable //Enable the function of filtering signatures in the signature set based on categories.
   category mode { or | and } //Configure the matching mode for categories in the signature set.
   category { category-name &<1-10> | all } //Add signatures of the specified category to the signature set.
   signature-set [ enable ] action { alert | block } //Configure the enabling status and response mode of the signature set.
   signature-set move signature-set-name1 { before | after } signature-set-name2 //Modify the priority of the signature set.
   ips policy policy-name //Create an IPS policy named policy-name.
   override-signature signature-id enable action { block | alert } //Enable signature overriding and configure the response mode.
4. Apply the IPS policy.
   policy zone zone-name //Access the intra-zone firewall policy view.
   policy interzone zone-name1 vpn-instance vpn-instance-name zone-name2 { inbound | outbound } //Access the inter-zone firewall policy view.
   policy policy-id //Create a firewall policy and access the policy ID view.
   action permit //Configure the action of the firewall policy to permit.
   policy ips ips-policy //Apply the IPS policy.
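A filled-in instance of steps 1, 3 and 4 above, added here as an illustration and not taken from Huawei documentation. The policy name ips_demo, the signature set name set_high, policy ID 1 and the trust and untrust zones are assumed values; the custom signature of step 2 is skipped and no VPN instance is used.

```text
system-view                              // Access the system view.
ips enable                               // Enable the IPS function.
ips mode protective                      // Select the protective operating mode.
ips policy ips_demo                      // Assumed policy name; access the IPS policy view.
 signature-set set_high                  // Assumed set name; access the signature set view.
  severity enable                        // Filter the set by signature severity.
  severity above warning                 // Add signatures with severity above warning.
  reliability enable                     // Filter the set by signature reliability.
  reliability above medium               // Add signatures with reliability above medium.
  direction enable                       // Filter the set by signature direction.
  direction to-server                    // Add signatures whose direction is to-server.
  signature-set enable action block      // Enable the set and block on a match.
  quit                                   // Leave the signature set view.
 quit                                    // Leave the IPS policy view.
policy interzone trust untrust outbound  // Assumed zones; access the inter-zone policy view.
 policy 1                                // Assumed policy ID; access the policy ID view.
  action permit                          // Permit the traffic so that it is forwarded and inspected.
  policy ips ips_demo                    // Apply the IPS policy to the permitted traffic.
```

The IPS policy is attached to a firewall policy whose action is permit, as in step 4, so inspection applies only to traffic that policy matches.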

Meaning of the NAT on the USG2000 and USG5000
Network Address Translation (NAT) is an address translation technology. It converts the address in an IPv4 packet header to another address. Generally, NAT is used to convert a private IP address in the IPv4 packet header to a public IP address, so that multiple users on the private network can access the Internet using fewer public IP addresses. NAT therefore helps address the IPv4 public address shortage caused by the growth of the Internet.
