The firewall function is a basic function of the device. Configuration involves multiple scenarios, and the procedure for each scenario is complex. The following is an example of configuring the basic functions. For details about the function configuration, visit: https://support.huawei.com/hedex/hdx.do?docid=EDOC1100087043&id=EN-US_TASK_0176367661&lang=en
Creating a Zone and Adding Interfaces to the Zone
Run system-view
The system view is displayed.
Run firewall zone zone-name
A zone is created.
By default, no zone is created on the device.
Run priority security-priority
A priority is set for the zone.
Run quit
Return to the system view.
Run interface interface-type interface-number
The interface view is displayed.
Run zone zone-name
The interface is added to the zone.
A zone can contain multiple interfaces, but an interface can be added to only one zone.
Creating an Interzone
Run system-view
The system view is displayed.
Run firewall interzone zone-name1 zone-name2
An interzone is created.
Enabling Firewall in an Interzone
Run system-view
The system view is displayed.
Run firewall interzone zone-name1 zone-name2
The interzone view is displayed.
The zones zone-name1 and zone-name2 must have been created using the firewall zone command.
Run firewall enable
The firewall is enabled.
By default, the firewall function is disabled in an interzone.
Verifying the Basic Firewall Function Configuration
Run the display firewall zone [ zone-name ] [ interface | priority ] command to check information about a zone.
Run the display firewall interzone [ zone-name1 zone-name2 ] command to check information about an interzone.
Run the display firewall-nat session aging-time command to check the aging time of the firewall session table.
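The following is an added example, not part of the original procedure or of the vendor's tooling: a small Python check that reads configuration text built from the commands above and reports zones with no priority, interzones or interfaces that name a zone that was never created, and interzones where the firewall was left at its disabled default. The indented configuration layout, the zone names, the priority value and the interface names are assumptions made for the example.

```python
import re
# Constructed sample: layout, zone names, priority and interfaces are assumptions.
SAMPLE = """\
firewall zone trust
 priority 14
#
firewall zone dmz
#
firewall interzone trust dmz
#
firewall interzone trust guest
 firewall enable
#
interface GigabitEthernet1/0/0
 zone trust
#
interface GigabitEthernet2/0/0
 zone guest
"""

def parse(config):
    # Group indented sub-commands under the top-level line that opens their view.
    views = {"firewall zone": {}, "firewall interzone": {}, "interface": {}}
    current = []
    for line in config.splitlines():
        if line.startswith(" "):
            current.append(line.strip())
        else:
            m = re.match(r"(firewall zone|firewall interzone|interface) (\S.*)", line)
            current = views[m.group(1)].setdefault(m.group(2).strip(), []) if m else []
    return views

def audit(config):
    views, findings = parse(config), []
    zones = views["firewall zone"]
    for name, cmds in zones.items():  # the priority step was skipped
        if not any(c.startswith("priority ") for c in cmds):
            findings.append(f"zone {name}: no priority set")
    for pair, cmds in views["firewall interzone"].items():
        findings += [f"interzone {pair}: zone {z} not created" for z in pair.split() if z not in zones]
        if "firewall enable" not in cmds:  # disabled by default in an interzone
            findings.append(f"interzone {pair}: firewall not enabled")
    for name, cmds in views["interface"].items():
        findings += [f"interface {name}: zone {c.split()[1]} not created"
                     for c in cmds if c.startswith("zone ") and c.split()[1] not in zones]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```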