Virtual Firewall – Overview and Configuration
Each virtual firewall is a combination of virtual private network (VPN) instances, security
instances, and configuration instances. Virtual firewall technology emerged with the
development of VPN technologies. A virtual firewall is a logical division of a firewall.
A firewall rental service can be provided after a virtual firewall is created on the root
firewall.
A virtual firewall
A virtual firewall logically divides a device into multiple virtual private networks (VPNs) to
provide independent security services for multiple small private networks. As a
combination of security instances and configuration instances, a virtual firewall provides
users with private forwarding services, security services, and configuration management
services.
Virtual firewalls are built on multi-VPN instances: a VPN instance and its virtual firewall
are created at the same time. Binding interfaces and security zones to VPN instances
isolates the zone-based security functions of each virtual firewall from those of the
others. Binding system administrators to VPN instances controls each administrator's
permissions on the device, so that an administrator can configure only the virtual
firewalls to which that administrator is bound. This ensures that virtual firewalls are
configured and maintained independently. In many cases, VPN instances are bound to
provide an independent configuration and maintenance service for every virtual firewall.
After a virtual firewall is created, resources must be allocated to it to ensure basic
communication within it. For example, bind the interface to a VPN instance, add the
interface to the security zone, and configure security policies in the virtual firewall's
interzones. Varied services can be configured on a virtual firewall. Instances of the same
service on different devices do not interfere with each other.
NOTE
The Huawei Symantec virtual firewall feature of the USG2110-X/2100 and
USG2100/2200/5100 HSR is not controlled by a license. A maximum of 10 virtual
firewalls are provided by the USG2110-X/2100 or USG2100 HSR, and a maximum of
100 virtual firewalls are provided by the USG2200/5100 HSR. The virtual firewall
feature of the USG2200/5100/5500 is controlled by a license. If no license is
available, 10 virtual firewalls are provided.
Networking diagram for a virtual firewall
As shown in Figure 1, two different virtual firewalls can be created on the USG.
Enterprise A and Enterprise B implement network communication through VFW1 and
VFW2, but data between them is isolated and free of mutual interference. In addition,
enterprises can configure virtual firewalls in Layer 2 or Layer 3 mode according to their
network modes to meet the actual network requirements.
Configuration flow for a virtual firewall
Adding a Virtual Firewall
Step 1 Choose System > Virtual Firewall > Virtual Firewall.
Step 2 Click Add.
Step 3 Enter or select the parameters.
Step 4 Click Apply.
If the new virtual firewall is displayed on the page, the operation succeeds.
----End
Switch Between a Virtual Firewall and a Root Firewall
To configure a virtual firewall, switch to its configuration page, which is called the
virtual firewall view. The device itself is called the root firewall to distinguish it from
the virtual firewalls.
• Switch from the root firewall to the virtual firewall.
– Method 1: In Current View, choose the destination virtual firewall from the Drop-down
List.
– Method 2:
1. Choose System > Virtual Firewall > Virtual Firewall.
2. Click corresponding to the virtual firewall to be switched.
• Switch from the virtual firewall view to the root firewall view.
1. In Current View, choose Root from the Drop-down List.
----End
Configuring Virtual Firewall Resources
You can allocate resources to virtual firewalls by binding certain features to VPN
instances to ensure basic communication and management of the virtual firewall.
Step 1 Configure the administrator of the virtual firewall, and bind it to the VPN instance,
so that the administrator can configure and manage the virtual firewall in Web, Telnet, or
SSH mode, which ensures an independent management of each virtual firewall.
NOTE
The administrator of the root firewall can configure and manage the root firewall and
virtual firewalls in console, Web, Telnet, or SSH mode.
Step 2 Bind the interface to the VPN instance and add the instance to the security zone.
Four security zones, namely, the Local zone, Trust zone, DMZ, and Untrust zone are
available on the device by default. To create a security zone, switch to the virtual firewall
view first.
Step 3 Switch to the virtual firewall view and configure an interzone forwarding policy for
the virtual firewall.
You can bind other features to VPN instances to meet other virtual firewall communication
needs, such as NAT and route. For details, see corresponding chapters.
----End
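An added example, not part of the original page and not Huawei's configuration syntax: a Python model of the bindings described above (interface to VPN instance, interface to security zone, administrator to VPN instance, interzone policy) that audits them for cross-instance leaks. The class, field, interface, and administrator names are assumptions made for the illustration, and the sample data is constructed.

```python
from dataclasses import dataclass

ROOT = "root"  # assumed label for the root firewall view

@dataclass
class Config:
    iface_vpn: dict    # interface -> VPN instance it is bound to
    zones: dict        # (vpn, zone) -> set of interfaces added to that zone
    admins: dict       # administrator -> bound VPN instance, or ROOT
    policies: list     # (vpn, source zone, destination zone)
    max_vfw: int = 10  # limit from the NOTE; depends on model and license

def audit(cfg):
    """Return sorted findings; an empty list means the bindings are consistent."""
    out = []
    vfws = {v for v in cfg.iface_vpn.values() if v != ROOT}
    if len(vfws) > cfg.max_vfw:
        out.append(f"{len(vfws)} virtual firewalls exceed the limit of {cfg.max_vfw}")
    zoned = set()
    for (vpn, zone), ifaces in cfg.zones.items():
        for i in sorted(ifaces):
            if cfg.iface_vpn.get(i, ROOT) != vpn:  # zone and binding disagree
                out.append(f"{i} is in {vpn}/{zone} but bound to {cfg.iface_vpn.get(i, ROOT)}")
            zoned.add(i)
    for i, vpn in cfg.iface_vpn.items():
        if i not in zoned:
            out.append(f"{i} is bound to {vpn} but is in no security zone")
    for vpn, src, dst in cfg.policies:
        for z in (src, dst):
            if (vpn, z) not in cfg.zones:
                out.append(f"policy in {vpn} names zone {z}, which {vpn} does not have")
    for vpn in sorted(vfws - {p[0] for p in cfg.policies}):
        out.append(f"{vpn} has no interzone policy")
    for admin, vpn in cfg.admins.items():
        if vpn != ROOT and vpn not in vfws:
            out.append(f"administrator {admin} is bound to unknown instance {vpn}")
    return sorted(out)

def may_configure(cfg, admin, vpn):
    """Root administrators manage every view; others only their bound instance."""
    bound = cfg.admins.get(admin)
    return bound is not None and bound in (ROOT, vpn)

# Constructed sample: two tenants, with GE0/0/1 wrongly added to a vfw2 zone.
SAMPLE = Config(
    iface_vpn={"GE0/0/1": "vfw1", "GE0/0/2": "vfw1", "GE0/0/3": "vfw2", "GE0/0/4": "vfw2"},
    zones={("vfw1", "trust"): {"GE0/0/1"}, ("vfw1", "untrust"): {"GE0/0/2"},
           ("vfw2", "trust"): {"GE0/0/3", "GE0/0/1"}, ("vfw2", "untrust"): {"GE0/0/4"}},
    admins={"admin": ROOT, "ent_a": "vfw1", "ent_b": "vfw2"},
    policies=[("vfw1", "trust", "untrust"), ("vfw2", "trust", "untrust")],
)
```

Calling `audit(SAMPLE)` reports the one interface whose zone membership crosses into another virtual firewall; removing it from that zone yields an empty list.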