
H3C SecPath
Quick Deployment Guide
Document version: 6W100-20230724
Copyright © 2023 New H3C Technologies Co., Ltd. All rights reserved.
No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of New
H3C Technologies Co., Ltd.
Except for the trademarks of New H3C Technologies Co., Ltd., any trademarks that may be mentioned in this document
are the property of their respective owners.
The information in this document is subject to change without notice.


Summary of Contents for H3C SecPath F50X0 Series

  • Page 2: Table Of Contents

    Contents: About the firewall quick deployment guide (1); F5000 series (1); F1000 series (1); F100 series (2); Chassis views (2); Front panel (2); Rear panel (3); Mechanism of firewalls (3); About firewalls (3); Interfaces and security zones...
  • Page 3: About The Firewall Quick Deployment Guide

    About the firewall quick deployment guide This guide helps you to have a preliminary understanding of the use of a firewall and complete the basic settings of the firewall, including the following: • Common networking methods of the firewall. • Quickly connect the firewall to the Internet.
  • Page 4: F100 Series

    F100 series F100 series Models F100-C-A6-WL, F100-C-A5-W, F100-C-A3-W, F100-C-A6, F100-C-A5, F100-C-A3, F100-C-A series F100-C-A1, F100-C-A2 Chassis views The chassis views vary by firewall model. For more information about the chassis views, see the installation guide for the product. This section uses the F100-C-A1 firewall as an example. Front panel The F100-C-A1 firewall provides the following ports on the front panel: •...
  • Page 5: Rear Panel

    The reset button restarts the firewall. It does not restore the factory defaults. Rear panel Figure 2 Rear panel (1) Grounding screw Mechanism of firewalls About firewalls A firewall is a network security device typically located at the network perimeter to isolate networks with different security levels as needed, protecting one network against attacks and intrusions from another network.
  • Page 6 Figure 3 Security zones A firewall device provides default security zones Local, Management, Trust, DMZ, and Untrust. Default security zones cannot be deleted. The function and application scenario of each default security zone are as follows: • Local—Refers to the device itself. You cannot add interfaces to security zone Local. For communication between a non-Management security zone and the device, you must configure a security policy to permit the packets between the corresponding security zone and security zone Local.
  • Page 7: Security Policy

    Security policy As shown in Figure 4, a security policy filters packets based on the specified filtering conditions such as source/destination security zone, source IP/MAC address, destination IP address, service, application, terminal, user, and time period. It processes matched packets according to the pre-set policy action.
  • Page 8: Application Scenario-Based Networking

    Application scenario-based networking As shown in Figure 5, connect the management interface, internal interface GE 1/0/2, and external interface GE 1/0/1 of the device. The internal interface acts as a LAN port and is typically added to the Trust security zone to connect the intranet host. The external interface acts as a WAN port and is typically added to the Untrust security zone to connect the carrier network for external communication.
  • Page 9 To access the Web interface, you must use the following browser settings: • Accept the first-party cookies (cookies from the site you are accessing). • Enable active scripting or JavaScript, depending on the Web browser. • If you are using an Internet Explorer browser, you must enable the following security settings: Script ActiveX controls marked safe for scripting.
  • Page 14: Internet Access In Routing Mode

    Internet access in routing mode Internet access in routing mode indicates that the device in the network is deployed in Layer 3 mode. That is, the uplink and downlink service interfaces of the device operate in Layer 3 mode. In this mode, the device typically serves as the gateway of the enterprise that connects the internal network and the Internet, and performs security monitoring and control of network traffic.
  • Page 18: Internet Access Through Dhcp

    Internet access through DHCP The device dynamically obtains a public network IP address through the DHCP service provided by the carrier to access the Internet. The configuration procedure is as follows:...
  • Page 21: Internet Access Through Pppoe

    Internet access through PPPoE The user can access the Internet through a PPPoE access authentication account obtained from the carrier. The configuration procedure is as follows:...
  • Page 25: Internet Access In Transparent Mode

    Internet access in transparent mode Compared with the routing mode, the transparent mode adopts the Layer 2 mode for deploying the device in the network. That is, the uplink and downlink service interfaces of the device operate in Layer 2 mode. In this mode, the device is typically deployed on the inner side of the enterprise gateway. The device is not directly connected to the Internet but is capable of monitoring and controlling network traffic for security purposes.
  • Page 26: Configuring Signature Library Upgrade

    Configuring signature library upgrade To update a signature library of a service module, you must install the appropriate license. After the license expires, the service module can still use the existing signature library but cannot upgrade the signature library. The following methods are available for upgrading the signature library for a service module: •...
  • Page 27: Configuring Automatic Signature Library Upgrade

    • Manual upgrade—Use this method when the device cannot obtain the signature file automatically. You must manually download the most up-to-date signature file, and then use the file to upgrade the signature library on the device. Configuring automatic signature library upgrade...
  • Page 30: Triggering A Signature Library Upgrade

    Triggering a signature library upgrade...
  • Page 34: Performing A Manual Signature Library Upgrade

    Performing a manual signature library upgrade Activating and installing a license for the first time Some features require a license to run on the device. You must activate and install a license to use such a feature. Configuring a security policy...
  • Page 36: Restoring The Factory Defaults

    Restoring the factory defaults IMPORTANT: Use this feature with caution. This feature deletes all configurations and files except .bin files and license files.
  • Page 38: Upgrading Software

    Upgrading software Performing maintenance and diagnostics...
  • Page 39: Advanced Features

    Advanced features Network Address Translation (NAT) translates an IP address in the IP packet header to another IP address. Typically, NAT is configured on gateways to enable private hosts to access external networks and external hosts to access private network resources such as a Web server. Use this feature in routing mode.
  • Page 40: Remote Office Through Ipsec

    Hot backup is a device-level high availability (HA) solution. It enables two devices to back up each other dynamically to ensure user service continuity upon failure of one of the devices. Hot backup is implemented through H3C proprietary Remote Backup Management (RBM).
  • Page 41 Figure 9 Hot backup functionality diagram
