Table of Contents
Advertisement
S9700 Core Routing Switch
Configuration Guide - SPU
Pre-configuration Tasks
Before configuring the logs, complete the following tasks:
l
l
l
Data Preparation
To configure the log function, you need the following data.
No.
1
2
3
4
2.13.2 Enabling the Log Function on the Firewall
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
firewall log { all | blacklist | defend | session | statistics } enable
The log function is enabled on the firewall.
The log function can be enabled according to log types or enabled for all types of logs by using
the all parameter.
By default, the log function is disabled on a firewall.
Step 3 Run:
firewall log session nat enable
The NAT session log is enabled.
Before running the firewall log session nat enable command, you must run the firewall log
session enable command.
By default, the NAT session log is disabled.
----End
Issue 01 (2012-03-15)
Configuring zones and adding interfaces to the zones
Configuring the interzone and enabling the firewall function in the interzone
Creating a basic ACL or an advanced ACL and configuring ACL rules
Data
Type of the log
IP address and port number of the session log host, and the source IP address and
source port number that the SPU uses to communicate with the session log host
Conditions for recording session logs, including the ACL number and the
direction
(Optional) Interval for exporting the attack defense logs or statistics logs
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
2 Firewall Configuration
64
Advertisement
Table of Contents
