Got it

Interzone policy in AR

Latest reply: Oct 13, 2018 10:02:51 746 2 2 0 0


    AR is able to ping the destination ip ieSNMP Server ( & ), but SNMPServer are not able to ping our router ip .

    Customer wants the network is reachable.


   About this ticket , the issue  is AR settinga  interzone Policy to block the traffic from Untrust (SNMP Server) toLocal ( )


         But the trafficfrom Local( to Untrust (SNMP Server ) is allowed  , so AR is ableto ping SNMP Server , and the server is not.


         IF you want theSNMP Server be able to ping the AR , you can add an Advanced ACL to permit the traffic from SNMP Server( & to AR.


         Please referbelow commands:



[Huawei]acl 3001

[Huawei-acl-adv-3001]rule 5 permit ip source  0 destination 0

[Huawei-acl-adv-3001]rule 10 permit ip source  0 destination 0

         [Huawei]firewall interzone local untrus

[Huawei-interzone– local - untrust] packet-filter 3001 inbound


         Configure ACLand apply it , please refer below link:

  an Advanced ACL&docid=EDOC1000085855 ACL-based Packet Filtering in an Interzone&docid=EDOC1000085855



Aboutto tracert of the AR Router,  it’s default unreachable , if you need it beable to tracert , you should configure it like below:

 and Tracert&docid=EDOC1000085855


Root Cause

      The AR router has been enabled Firewall function , but not permit the traffic .


Remote to customer's AR router add ACL for permiting traffic ,then solve the issue

  • x
  • convention:
Created Sep 30, 2018 01:57:14

I have encountered this question about you. I have checked a lot of information, but I still have not answered this question clearly. Thank you for sharing this knowledge and solving my doubts. I hope that you can continue to update such knowledge points. Thank you. !
View more
  • x
  • convention:

Author Created Oct 13, 2018 10:02:51

Good case. sharing the case is appreciated !
View more
  • x
  • convention:


You need to log in to comment to the post Login | Register

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits


Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Please bind your phone number to obtain invitation bonus.
Information Protection Guide
Thanks for using Huawei Enterprise Support Community! We will help you learn how we collect, use, store and share your personal information and the rights you have in accordance with Privacy Policy and User Agreement.