Blocking IP addresses on the firewall

You can configure a security policy to block the traffic of a specified IP address.
In the security policy, specify the source address and destination address as specific IP addresses and set the policy action to block.

Other related questions:
Configuring a trusted host for an administrator account
By binding an administrator account to an ACL, you can strictly control the login IP address of the administrator and prevent logins to the device from any other IP address.
1. Configure a trusted host for the administrator.
    [sysname] acl 2001
    [sysname-acl-basic-2001] rule permit source 10.3.0.0 0.0.0.255
    [sysname-acl-basic-2001] quit
2. Bind the administrator account named abc to the trusted host.
    [sysname] aaa
    [sysname-aaa] manager-user abc
    [sysname-aaa-manager-user-abc] acl-number 2001
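
The second field in rule permit source 10.3.0.0 0.0.0.255 is a wildcard (inverse) mask: bits set to 1 are ignored and bits set to 0 must match. The following Python sketch is an added example, not part of the original answer or of any vendor tooling; it checks which source addresses such a trusted-host ACL admits before the ACL is bound to the account. The function names and test addresses are constructed, and first-match rule ordering is an assumption.

```python
import ipaddress

def parse_rule(line):
    """Parse 'rule permit|deny source <addr> <wildcard>' into (action, addr, wildcard)."""
    tok = line.split()
    if (len(tok) != 5 or tok[0] != "rule"
            or tok[1] not in ("permit", "deny") or tok[2] != "source"):
        raise ValueError(f"unsupported rule: {line!r}")
    addr = int(ipaddress.IPv4Address(tok[3]))
    wildcard = int(ipaddress.IPv4Address(tok[4]))
    return tok[1], addr, wildcard

def wildcard_match(ip, addr, wildcard):
    """Wildcard bits set to 1 are ignored; bits set to 0 must equal the rule address."""
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(ip)) & care) == (addr & care)

def login_allowed(ip, rules):
    """Assumption: the first matching rule decides. No match means the login
    is refused, as the answer above states for non-specified addresses."""
    for action, addr, wildcard in rules:
        if wildcard_match(ip, addr, wildcard):
            return action == "permit"
    return False

def covered(addr, wildcard):
    """Lowest address, highest address and number of addresses a rule matches.
    The count is 2**(number of wildcard bits), also for non-contiguous masks."""
    care = ~wildcard & 0xFFFFFFFF
    first = ipaddress.IPv4Address(addr & care)
    last = ipaddress.IPv4Address((addr & care) | wildcard)
    return str(first), str(last), 2 ** bin(wildcard).count("1")

# The rule from the configuration above.
RULES = [parse_rule("rule permit source 10.3.0.0 0.0.0.255")]

if __name__ == "__main__":
    _, addr, wildcard = RULES[0]
    print("rule covers:", covered(addr, wildcard))
    # Constructed test addresses, not taken from the page.
    for ip in ("10.3.0.17", "10.3.1.17", "192.0.2.10"):
        print(ip, "allowed" if login_allowed(ip, RULES) else "refused")
```

A wildcard that is wider than intended shows up as a larger address count than the management subnet actually holds.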

Blocking a specified domain name on the firewall
For V100R001 and V5, you can configure a security policy, set the destination address to a domain name group that contains the domain names to be blocked, and set the action to block. You can also configure URL filtering and blacklist the domain names to be blocked. For V300R001, you can block domain names only by configuring URL filtering and blacklisting them.

Whether sessions generated for the traffic blocked by policies can be queried on a firewall
No session is generated for traffic that is blocked by policies on a firewall, so such sessions cannot be queried.

Changing the peer IP address of IPSec VPN on the firewall
Changing the peer IP address of IPSec VPN on the USG
1. Configuration method
remote-address
The remote-address command specifies the IKE peer address or address range.
    remote-address { low-ip-address [ high-ip-address ] | ip-pool pool-number | authentication-address low-ip-address [ high-ip-address ] | vpn-instance vpn-instance-name low-ip-address [ high-ip-address ] }
    undo remote-address [ authentication-address | ip-pool ]
Parameter description
ip-pool: To assign an IP address from the local end to the peer end (such as the AP device), configure the address pool at the local end and assign an IP address to the peer end.
authentication-address: In a scenario where NAT traversal is implemented, to use the IP address for authentication, configure the authentication-address parameter to specify the pre-NAT address or address range.
vpn-instance: Specifies the VPN instance and interface IP address of the tunnel during multi-instance configuration.
If no high-ip-address is specified in the command, only one address is configured for the IKE peer.
When the IKE peer is referenced by the IPSec policy template, the remote-address command is optional. When the IKE peer is referenced by the IPSec policy, the remote-address command is mandatory.
If the peer address is configured as an address segment, this IKE peer can be referenced by the IPSec policy template only.
When the IKE peer is referenced by the IPSec policy or IPSec policy template, you cannot run the remote-address command to modify the peer IP address of the IKE peer.
2. Example
    system-view
    [sysname] ike peer peer1
    [sysname-ike-peer-peer1] remote-address 202.38.0.1 //Set the IP address of the IKE peer peer1 to 202.38.0.1.
