Updated on 2025-08-19 GMT+08:00

Configuration on the Hillstone Firewall

Prerequisites

The basic network configuration of the Hillstone firewall has been completed.

Procedure

  1. Log in to the configuration page.

    A firewall running version 5.5R9 is used as an example. The configuration pages may vary by firewall model and software version.

  2. Complete basic settings.
    1. Configure a security zone.

      Choose Network > Zone. Click New and set parameters, as shown in Figure 1.

      Figure 1 Configuring a security zone
    2. Configure a security policy.

      Choose Policy > Security Policy > Policy. Click New, choose Policy, and set parameters, as shown in Figure 2.

      Figure 2 Configuring a policy
    3. Configure a basic route.

      Choose Network > Routing > Destination Route. Click New and set parameters, as shown in Figure 3.

      Figure 3 Configuring a destination route
  3. Configure VPN connections.
    1. Choose Network > VPN > IPSec VPN. On the IPsec VPN tab page, click New.
    2. Click the plus sign (+) in the Peer Name drop-down list box to add peer information.
    3. Click the plus sign (+) in the Proposal1 drop-down list box to create a phase-1 proposal. Set parameters and click OK. Figure 4 shows the key parameter settings.
      Figure 4 Configuring a phase-1 proposal
    4. Configure VPN peers. Because two EIPs are bound to the Huawei Cloud VPN gateway, you need to configure two peers.

      Select the phase-1 proposal created in substep 3 from the Proposal1 drop-down list box. Click Advanced Configuration, toggle on NAT Traversal and DPD, and click OK.

      Figure 5 Configuring VPN peers
    5. Click the plus sign (+) in the P2 Proposal drop-down list box to create a phase-2 proposal. Set parameters and click OK. Figure 6 shows the key parameter settings.
      Figure 6 Configuring a phase-2 proposal
    6. Configure VPN connection information. Select each of the VPN peers created in substep 4 from the Peer Name drop-down list box, select the phase-2 proposal created in substep 5 from the P2 Proposal drop-down list box, and click OK.
      Figure 7 Configuring IPsec VPN
  4. Configure tunnel interfaces.
    1. Choose Network > Interface, click New, and choose Tunnel Interface.
    2. Configure two tunnel interfaces. Figure 8 shows the key parameter settings.
      Select the security zone created in step 2 (substep 1) from the Zone drop-down list box, and select each of the two tunnel names configured in step 3 (substep 6) for VPN Name.

      In the Tunnel Binding area, the gateway address must be set to the IP address of the peer tunnel interface. Otherwise, traffic cannot be forwarded.

      Figure 8 Configuring tunnel interfaces
  5. Configure BGP.

    Choose Network > Routing > BGP, and complete the BGP configuration, as shown in Figure 9.

    Set Router ID to the gateway address of the downlink private network interface on the Hillstone firewall, Network to the CIDR block of the on-premises data center, and Neighbor to each of the two peer tunnel interfaces.

    Figure 9 Configuring BGP
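
The following pre-change check is an added example, not part of the original procedure or any Hillstone or Huawei Cloud tool. It verifies a planned dual-tunnel setup against the constraints stated above (two peers, NAT Traversal and DPD enabled, tunnel binding gateway equal to the peer tunnel interface address, one BGP neighbor per peer tunnel interface). The dictionary layout, field names, and all addresses are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample plan: field names are hypothetical, addresses are placeholders.
PLAN = {
    "peers": [  # one peer per EIP of the Huawei Cloud VPN gateway
        {"name": "peer1", "remote_eip": "198.51.100.10", "nat_traversal": True, "dpd": True},
        {"name": "peer2", "remote_eip": "198.51.100.20", "nat_traversal": True, "dpd": True},
    ],
    "tunnels": [  # one tunnel interface per VPN connection
        {"name": "tunnel1", "vpn_name": "vpn1", "local_ip": "169.254.70.2/30",
         "binding_gateway": "169.254.70.1", "peer_tunnel_ip": "169.254.70.1"},
        {"name": "tunnel2", "vpn_name": "vpn2", "local_ip": "169.254.71.2/30",
         "binding_gateway": "169.254.71.1", "peer_tunnel_ip": "169.254.71.1"},
    ],
    "bgp_neighbors": ["169.254.70.1", "169.254.71.1"],
}


def check_plan(plan):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings = []
    if len({p["remote_eip"] for p in plan["peers"]}) != 2:
        findings.append("expected two peers with distinct remote EIPs")
    for p in plan["peers"]:
        for option in ("nat_traversal", "dpd"):
            if not p.get(option):
                findings.append(f"{p['name']}: {option} is disabled")
    if len({t["vpn_name"] for t in plan["tunnels"]}) != 2:
        findings.append("expected two tunnel interfaces bound to different VPN names")
    peer_ips = set()
    for t in plan["tunnels"]:
        gateway = ipaddress.ip_address(t["binding_gateway"])
        peer_ip = ipaddress.ip_address(t["peer_tunnel_ip"])
        peer_ips.add(peer_ip)
        # Typical slip: entering the firewall's own tunnel address as the gateway.
        if gateway == ipaddress.ip_interface(t["local_ip"]).ip:
            findings.append(f"{t['name']}: binding gateway is the local tunnel address")
        elif gateway != peer_ip:
            findings.append(f"{t['name']}: binding gateway is not the peer tunnel address")
    neighbors = {ipaddress.ip_address(n) for n in plan["bgp_neighbors"]}
    for missing in sorted(peer_ips - neighbors):
        findings.append(f"BGP neighbor missing for peer tunnel address {missing}")
    for extra in sorted(neighbors - peer_ips):
        findings.append(f"BGP neighbor {extra} is not a peer tunnel address")
    return findings


if __name__ == "__main__":
    for finding in check_plan(PLAN) or ["plan is consistent"]:
        print(finding)
```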