EasyManuals Logo
Home>Huawei>Network Router>AR1200-S

Huawei AR1200-S User Manual

Huawei AR1200-S
308 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #69 background imageLoading...
Page #69 background image
3.4.3 Checking the Configuration
After the ACL-based packet filtering firewall is configured, you can view information about
ACL-based packet filtering.
Procedure
l Run the display firewall interzone [ zone-name1 zone-name2 ] command to view
information about packet filtering.
l Run the display acl acl-number command to view the ACL configuration.
----End
3.5 Configuring the Blacklist
You can manually add entries to the blacklist or configure a dynamic blacklist. If you choose
the dynamic blacklist, enable IP address scanning and port scanning defense on the attack defense
module of the AR1200-S. When the AR1200-S detects that the connection rate of an IP address
or a port exceeds the threshold, the AR1200-S considers that a scanning attack occurs, and adds
the source IP address to the blacklist. All the packets from this source IP address are then filtered
out.
3.5.1 Establishing the Configuration Task
Before configuring the blacklist, familiarize yourself with the applicable environment, complete
the pre-configuration tasks, and obtain the data required for the configuration. This will help
you complete the configuration task quickly and accurately.
Applicable Environment
The blacklist can filter out packets sent from a specified IP address to a zone. An IP address can
be added to the blacklist manually or automatically.
When the attack defense module of the firewall detects an attack through the packet behavior,
the firewall adds the source IP address of the packet to the blacklist. All the packets from this
IP address are then filtered out.
Pre-configuration Tasks
Before configuring the blacklist, complete the following tasks:
l Configuring zones and adding interfaces to the zones
l Configuring the interzone and enabling the firewall function in the interzone
l Enabling IP address scanning attack defense or port scanning attack defense if a dynamic
blacklist is used
Data Preparation
To configure the blacklist, you need the following data.
Huawei AR1200-S Series Enterprise Routers
Configuration Guide - Security 3 Firewall Configuration
Issue 02 (2012-03-30) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
55

Table of Contents

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Huawei AR1200-S and is the answer not in the manual?

Huawei AR1200-S Specifications

General IconGeneral
BrandHuawei
ModelAR1200-S
CategoryNetwork Router
LanguageEnglish

Related product manuals