
Port 4500 is blocked, How do I allow it?

Created: May 17, 2021 10:20:31. Latest reply: Sep 29, 2021 11:53:29.
  Rewarded HiCoins: 0 (problem resolved)

Please see the configuration below:

How do I change it to allow port 4500?


ssl policy default_policy type server
 pki-realm default
 version tls1.2
 ciphersuite rsa_aes_128_cbc_sha rsa_aes_128_sha256 rsa_aes_256_sha256 ecdhe_rsa_aes128_gcm_sha256 ecdhe_rsa_aes256_gcm_sha384
#
ike proposal default
 encryption-algorithm aes-256 aes-192 aes-128
 dh group14
 authentication-algorithm sha2-512 sha2-384 sha2-256
 authentication-method pre-share
 integrity-algorithm hmac-sha2-256
 prf hmac-sha2-256

Featured Answers

Recommended answer

DDSN
Admin Created May 18, 2021 03:23:39

Hi ClarenceEemont,
You can enable port 4500 in the interzone security policy. Refer to the following configuration.
security-policy
  rule name policy1
    source-zone zone-name1
    destination-zone zone-name2
    service protocol udp destination-port 4500
    action permit
security-policy
  rule name policy2
    source-zone zone-name1
    destination-zone zone-name2
    service protocol udp destination-port 4500
    action permit

I hope it helps!
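A check for the rule format shown in the answer above, added here as an example and not part of the original post or of any vendor tooling. It parses `rule name` blocks and reports which direction between two zones has no permit rule for UDP 4500, assuming each rule covers only traffic from its source-zone to its destination-zone; the sample input is the two rules as posted, and the function names are hypothetical.

```python
import re

# Constructed sample: the two rules exactly as posted in the answer above.
POSTED_CONFIG = """\
security-policy
  rule name policy1
    source-zone zone-name1
    destination-zone zone-name2
    service protocol udp destination-port 4500
    action permit
security-policy
  rule name policy2
    source-zone zone-name1
    destination-zone zone-name2
    service protocol udp destination-port 4500
    action permit
"""

def parse_rules(text):
    """Split a security-policy listing into one dict per 'rule name' block."""
    rules, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("rule name "):
            current = {"name": line[len("rule name "):]}
            rules.append(current)
        elif current is None:
            continue  # lines before the first rule (e.g. 'security-policy')
        elif line.startswith("source-zone "):
            current["src"] = line.split()[1]
        elif line.startswith("destination-zone "):
            current["dst"] = line.split()[1]
        elif (m := re.fullmatch(r"service protocol (\S+) destination-port (\d+)", line)):
            current["proto"], current["port"] = m.group(1), int(m.group(2))
        elif line.startswith("action "):
            current["action"] = line.split()[1]
    return rules

def missing_directions(rules, zone_a, zone_b, proto="udp", port=4500):
    """Zone pairs (source, destination) with no permit rule; rules assumed one-way."""
    permitted = {(r.get("src"), r.get("dst")) for r in rules
                 if r.get("action") == "permit"
                 and r.get("proto") == proto and r.get("port") == port}
    return [d for d in [(zone_a, zone_b), (zone_b, zone_a)] if d not in permitted]

if __name__ == "__main__":
    rules = parse_rules(POSTED_CONFIG)
    for src, dst in missing_directions(rules, "zone-name1", "zone-name2"):
        print(f"no permit rule for udp/4500 from {src} to {dst}")
```

Run against the posted rules, it reports the zone-name2 to zone-name1 direction as uncovered, because both rules use the same source and destination zones.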


All Answers
Hello, dear.
It's nice to meet you in the community.
We're working on getting the right answer for you. Please rest assured that we'll be back with an answer shortly.


DDSN Admin Created May 17, 2021 11:04:57

Hi ClarenceEemont,
Do you want to let go of port 4500 in the security policy?

I want to allow port 4500 both incoming and outgoing.


What is the command to check if it is blocked in the first place?
display crypto ?

Posted by ClarenceEemont at 2021-05-22 11:21: What is the command to check if it is blocked in the first place? display crypto ?
That's a choice.
Besides, you can have a connection test.
If you block the port of the firewall itself, you can also have a telnet test, though I think you are not doing that.

Ok. How do I remove those configurations?

These 2 commands don't work:

undo ssl policy default_policy type server
undo ike proposal default

DDSN Created May 24, 2021 01:56:17
What model is your device? And what version?
[V300R019C10SPC300]
#
sysname AR651

DDSN Created May 24, 2021 02:58:02
The SSL policy default_policy and IKE proposal default are the default values of the device and cannot be deleted.
You can refer to https://support.huawei.com/hedex/hdx.do?docid=EDOC1100087043&id=EN-US_CLIREF_0176375175&lang=en
https://support.huawei.com/hedex/hdx.do?docid=EDOC1100087043&id=EN-US_CLIREF_0176371488&lang=en  
Because I suspect it is blocking port 4500.
So what do I do about this?

chenhui Created May 24, 2021 03:48:43
You mean the firewall blocks the UDP port 4500?
If I'm right, yes, you are right, partially. By default, the firewall blocks all the traffic across itself, so you should enable the security policy to allow that traffic.  