Basic Configuration Guide for Huawei Firewalls
- Diniz Martins
- Oct 2, 2024
Introduction
Huawei firewalls are powerful security devices used to control and secure network traffic. They are known for their robustness and flexibility in different enterprise network environments. This post will cover the initial setup and basic configuration required to get your Huawei firewall up and running.
Step 1: Initial Device Setup:
Before configuring the firewall, it is essential to connect and access the device:
Connect to the Console Port: Use a console cable to connect your PC to the console port of the firewall.
Launch a Terminal Emulator: Open a terminal emulator like PuTTY or SecureCRT, set the baud rate to 9600 and establish a connection.
Log in to the Firewall: Use the default username and password to log in. For a new device, the default username is usually admin, and the password might be Admin@123 or left empty.
Step 2: Configure Basic Settings:
After accessing the firewall, you need to configure some essential settings, such as hostname, time zone, and interface IP addresses.
Set the Device Hostname:
shell
system-view
sysname MyHuaweiFirewall
This command will set the device name to MyHuaweiFirewall, making it easier to identify in your network.
Configure the Time Zone:
shell
clock timezone GMT add 00:00:00
Set the appropriate time zone for accurate timestamping of logs and alerts.
Assign IP Address to the Interface:
Choose the interface you want to configure, and assign an IP address:
shell
interface GigabitEthernet0/0/1
 ip address 192.168.1.1 255.255.255.0
Replace GigabitEthernet0/0/1 with the desired interface and update the IP address and subnet mask accordingly.
Step 3: Configuring Management Access:
Enable management access to the firewall using HTTPS, SSH, or Telnet.
Enable HTTP/HTTPS Access:
shell
http server enable
https server enable
This allows the firewall to be managed through a web browser. HTTP sends credentials unencrypted, so use HTTPS for management sessions.
Enable SSH for Secure CLI Access:
shell
ssh user admin service-type ssh
ssh user admin authentication-mode password
This configuration allows secure CLI management of the firewall.
Step 4: Configuring Security Zones:
Creating security zones helps segment network traffic and apply appropriate policies:
Create Security Zones:
shell
security-zone name Trust
security-zone name Untrust
Here, we create two zones: Trust for internal traffic and Untrust for external traffic.
Assign Interfaces to Security Zones:
shell
interface GigabitEthernet0/0/1
 zone Trust
interface GigabitEthernet0/0/2
 zone Untrust
The GigabitEthernet0/0/1 interface is assigned to the Trust zone, while GigabitEthernet0/0/2 is assigned to the Untrust zone.
Step 5: Configuring NAT (Network Address Translation):
If hosts on one network segment need to reach another, for example internal clients reaching external resources, configuring NAT is essential.
Create a Source NAT Rule:
shell
nat-policy
 rule name NAT-RULE-1
  source-zone Trust
  destination-zone Untrust
  action source-nat
This NAT rule enables internal clients from the Trust zone to access external resources through the Untrust zone.
Step 6: Configuring Security Policies:
Define security policies to control traffic between different zones:
Create a Security Policy:
shell
security-policy
 rule name Allow_HTTP
  source-zone Trust
  destination-zone Untrust
  source-ip 192.168.1.0 255.255.255.0
  destination-ip any
  service http
  action permit
This rule allows HTTP traffic from the 192.168.1.0/24 subnet in the Trust zone to any destination in the Untrust zone.
Step 7: Saving the Configuration:
After completing the configuration, save the settings to ensure they persist after a reboot.
Save Configuration:
shell
save
Confirm the save operation by pressing Y when prompted.
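Before saving, it is worth reviewing what Steps 3 to 6 produced. The following Python check is an added example, not part of the original post or of Huawei's tooling: it reads a configuration written with the command forms used above and flags cleartext HTTP management, interfaces left outside any security zone, and permit rules with no service restriction. The names `audit` and `SAMPLE` are hypothetical, and the one-command-per-line layout with indented sub-commands is an assumption.

```python
import re

# Constructed sample config, written with the command forms used in this post.
SAMPLE = """\
http server enable
security-zone name Trust
interface GigabitEthernet0/0/1
 ip address 192.168.1.1 255.255.255.0
 zone Trust
interface GigabitEthernet0/0/3
 ip address 10.0.0.1 255.255.255.0
security-policy
 rule name Allow_HTTP
  source-zone Trust
  destination-zone Untrust
  service http
  action permit
 rule name Allow_All
  source-zone Trust
  destination-zone Untrust
  action permit
"""

def audit(config):
    """Return findings for a config laid out one command per line (assumed layout)."""
    findings, zones, blocks, current = [], set(), {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line == "http server enable":
            findings.append("cleartext HTTP management is enabled")
        zones.update(re.findall(r"^security-zone name (\S+)", line))
        m = re.match(r"(interface|rule name) (\S+)", line)
        if m:  # start of an interface or policy-rule block
            current = blocks.setdefault((m.group(1), m.group(2)), [])
        elif not raw.startswith(" "):  # any other top-level command closes the block
            current = None
        elif current is not None:
            current.append(line)
    for (kind, name), body in blocks.items():
        zone = [l.split()[1] for l in body if l.startswith("zone ")]
        # Assumption: a permit rule with no service line matches every service.
        has_service = any(l.startswith("service ") for l in body)
        if kind == "interface" and not zone:
            findings.append(f"interface {name} is not in any security zone")
        elif kind == "interface" and zone[0] not in zones:
            findings.append(f"interface {name} uses undefined zone {zone[0]}")
        elif kind == "rule name" and "action permit" in body and not has_service:
            findings.append(f"rule {name} permits every service")
    return findings
```

Calling `audit(SAMPLE)` returns three findings for the constructed sample; an empty list means none of these checks fired.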
Conclusion:
This post provides a basic walkthrough to get your Huawei firewall configured and operational. Depending on your network needs, you can add more advanced settings like VPN, routing, and deep packet inspection. For more detailed configurations, refer to Huawei's official documentation or reach out with specific queries in the comments below.