USG2000&&5000 series equipment and competitors firewall docking configuration IPSEC,Is there a command to configure tunnel detection

15

Yes, configure DPD.

Other related questions:
Commands for configuring tunnel detection in IPSec configuration scenarios where USG2000&5000 series devices are connected to firewalls of peer vendors
Yes. Configure DPD.

Configuring virtual firewalls for the USG2000&5000 series
This section provides an example for configuring multiple virtual firewalls (or VPN instances) on the USG to provide relatively independent services to multiple small-scale private networks. These virtual firewalls share the hardware but have the data mutually isolated to guarantee respective independence and security. For configuration details, search for "Example for Configuring Virtual Systems" in the product documentation.

Configuring an address set for the USG2000&5000 series
The USG2000&5000 series supports configuring an address set using the web UI or CLI. An address set can contain IP addresses, network segments, IP address ranges, and MAC addresses and be contained in another address set. Configuring an address set using the web UI: Choose Firewall > Address > Address Set and then click Create in Address Set List. Enter or select the address set name and description, reference the address or address set, configure the IP address, and click Apply. Configuring an address set using the CLI: 1. Run the ip address-set address-set-name [ type { object | group } | vpn-instance vpn-instance-name ] * command in the system view to create an address set and access its view. 2. Run the address [ id ] { ip-address { 0 | wildcard | mask { mask-address | mask-len } } | range start-ip-address end-ip-address | address-set address-set-name | mac-address } [ description description ] command to add a member to this address set. You can run this command repeatedly to add multiple members to this address set. 3. Run the description text command to configure the address set description.

Configuring ACLs for the USG2000&5000
The USG2000&5000 series supports configuring ACLs using the CLI. acl [ number ] acl-number [ vpn-instance vpn-instance-name ] [ match-order { config | auto } ] undo acl { all | [ number ] acl-number } The default matching order is config. An access control list contains a series of rules with permit or deny statements. You need to first create an access control list and then configure its rules. Example # Create an ACL numbered 2000. system-view [sysname] acl number 2000 [sysname-acl-basic-2000]

Configuring SSH on the USG2000&5000
Configure SSH on the USG2000&5000 as follows: Configuration roadmap: USG_A serves as the client, and USG_B as the SSH server. 1. Create an SSH user on USG_B. 2. Generate a local key pair on USG_B. 3. Enable the STelnet/SFTP service on USG_B. 4. Log in to USG_B through USG_A on the client.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top