Updated on 2025-08-19 GMT+08:00

Configuration on the Hillstone Firewall

Prerequisites

The basic network configuration of the Hillstone firewall has been completed.

Procedure

  1. Log in to the configuration page.

    This example uses a firewall running version 5.5R9. The configuration pages may vary by firewall model and software version.

  2. Complete basic settings.
    1. Configure a security zone.

      Choose Network > Zone. Click New and set parameters, as shown in Figure 1.

      Figure 1 Configuring a security zone
    2. Configure a security policy.

      Choose Policy > Security Policy > Policy. Click New, choose Policy, and set parameters, as shown in Figure 2.

      Figure 2 Configuring a policy
    3. Configure a basic route.
      1. Choose Network > Routing > Destination Route, and click New.
      2. In Destination Route, add a static route to the VPC of the Hillstone firewall.
      3. Set Next-hop to an interface of the Hillstone firewall.
      4. Set Gateway to the subnet gateway address for the private IP address of the Hillstone firewall's interface.
        Figure 3 shows the key parameter settings.
        Figure 3 Configuring a destination route
      5. Click OK.
  3. Configure VPN connections.
    1. Choose Network > VPN > IPSec VPN. On the IPsec VPN tab page, click New.
    2. Click the plus sign (+) in the Peer Name drop-down list box to add peer information.
    3. Click the plus sign (+) in the Proposal1 drop-down list box to create a phase-1 proposal. Set parameters and click OK. Figure 4 shows the key parameter settings.
      Figure 4 Configuring a phase-1 proposal
    4. Configure VPN peers. As the Huawei Cloud VPN gateway has two EIPs bound, you need to configure two peers.

      Select the phase-1 proposal created in step 3.3 from the Proposal1 drop-down list box. Click Advanced Configuration, toggle on NAT Traversal and DPD, and click OK.

      Figure 5 Configuring VPN peers
    5. Click the plus sign (+) in the P2 Proposal drop-down list box to create a phase-2 proposal. Set parameters and click OK. Figure 6 shows the key parameter settings.
      Figure 6 Configuring a phase-2 proposal
    6. Configure VPN connection information. Select each of the VPN peers created in step 3.4 from the Peer Name drop-down list box, select the phase-2 proposal created in step 3.5 from the P2 Proposal drop-down list box, and click OK.
      Figure 7 Configuring IPsec VPN
  4. Configure tunnel interfaces.
    1. Choose Network > Interface, click New, and choose Tunnel Interface.
    2. Configure two tunnel interfaces. Figure 8 shows the key parameter settings.
      Select the security zone created in step 2.1 from the Zone drop-down list box, and select each of the two tunnel names configured in step 3.6 for VPN Name.
      Figure 8 Configuring tunnel interfaces
  5. Configure service routes.
    1. Choose Network > Routing > Destination Route, and click New.
    2. Configure static routes from the Hillstone firewall to the Huawei Cloud VPC.

      In this example, the Hillstone firewall communicates with the Huawei Cloud VPC through two tunnels, and the Huawei Cloud VPC has two subnets. As such, you need to configure four static routes, as shown in Figure 9.

      Static routes 3 and 4 have the same destination addresses as static routes 1 and 2, respectively, but have lower priorities. As a result, static routes 3 and 4 are inactive after being configured.

      Figure 9 Configuring service routes
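
The four-route layout described in step 5 can be checked offline before it is entered on the firewall. The following is an added example, not part of the original page or of Hillstone or Huawei Cloud tooling: it models which route is active per subnet and flags a subnet that lacks a standby route. The subnets, tunnel names and precedence numbers are constructed, and the model assumes that a smaller precedence number wins and that a route is withdrawn when its tunnel is down.

```python
from collections import defaultdict
from ipaddress import ip_network

# Constructed sample values: the page gives no subnets, tunnel names or
# priority numbers. Assumption: a smaller "precedence" means higher priority.
ROUTES = [
    {"id": 1, "dest": "192.168.0.0/24", "next_hop": "tunnel1", "precedence": 1},
    {"id": 2, "dest": "192.168.1.0/24", "next_hop": "tunnel1", "precedence": 1},
    {"id": 3, "dest": "192.168.0.0/24", "next_hop": "tunnel2", "precedence": 10},
    {"id": 4, "dest": "192.168.1.0/24", "next_hop": "tunnel2", "precedence": 10},
]


def active_routes(routes, up_tunnels):
    """Return {destination: route id} for the route that would carry traffic.

    Assumption: a route is only usable while its tunnel interface is up.
    """
    best = {}
    for r in routes:
        if r["next_hop"] not in up_tunnels:
            continue
        dest = ip_network(r["dest"])
        if dest not in best or r["precedence"] < best[dest]["precedence"]:
            best[dest] = r
    return {str(d): r["id"] for d, r in best.items()}


def check_redundancy(routes, subnets, tunnels):
    """List gaps that would leave a VPC subnet without a distinct standby route."""
    by_dest = defaultdict(list)
    for r in routes:
        by_dest[ip_network(r["dest"])].append(r)
    problems = []
    for s in subnets:
        rs = by_dest.get(ip_network(s), [])
        # Every subnet needs one route through each tunnel.
        for t in sorted(set(tunnels) - {r["next_hop"] for r in rs}):
            problems.append(f"{s}: no route via {t}")
        # Equal precedence would make both routes active instead of one standby.
        precs = [r["precedence"] for r in rs]
        if len(precs) != len(set(precs)):
            problems.append(f"{s}: routes share a precedence")
    return problems


if __name__ == "__main__":
    print(active_routes(ROUTES, {"tunnel1", "tunnel2"}))  # routes 1 and 2 active
    print(active_routes(ROUTES, {"tunnel2"}))             # routes 3 and 4 take over
    print(check_redundancy(ROUTES, ["192.168.0.0/24", "192.168.1.0/24"],
                           ["tunnel1", "tunnel2"]))
```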