Help Center/ Huawei Qiankun CloudService/ Security Cloud Services/ Qiankun Shield and Firewall Onboarding/ FAQ/ How Do I Configure Security Policies Required by Border Protection and Response Service (USG6000E Firewalls)?
Updated on 2024-01-25 GMT+08:00
View PDF
Share

How Do I Configure Security Policies Required by Border Protection and Response Service (USG6000E Firewalls)?

Perform the following steps:

  1. Create the antivirus profile AV_default and the IPS profile IPS_default. Reference the created profiles when configuring security policies required by services.
    1. Choose Object > Security Profiles > Antivirus, create the antivirus profile AV_default as shown in the following figure, and click OK.
      Figure 1 Creating an antivirus profile

    2. If the following prompt is displayed, select the check box as shown in the following figure, and click OK.
      Figure 2 Confirm

    3. Choose Object > Security Profile > Intrusion Prevention and create the intrusion prevention profile IPS_default as shown in the following figure.
      Figure 3 Creating an intrusion prevention profile

    4. Click Add, configure a signature filter for IPS_default as shown in the following figure, and click OK.
      Figure 4 Configuring a signature filter

    5. If the following prompt is displayed, select the check box as shown in the following figure, and click OK.
      Figure 5 Confirm

    6. Click Commit in the upper right corner of the page to submit the security profiles for activation. The security profiles take effect only after being activated.
  2. Configure security policies required by services.
    1. Choose Policy > Security Policy > Security Policy, click Add Security Policy, and configure the security policies untrust-trust, trust-untrust, local-cloud, and rule_iss_dns in that sequence.
    2. Configure the security policy untrust-trust. Set the source security zone to untrust, destination security zone to trust, antivirus profile to AV_default, intrusion prevention profile to IPS_default, and action to Permit.
      Figure 6 Configuring a security policy named untrust-trust

    3. Configure the security policy trust-untrust. Set the source security zone to trust, destination security zone to untrust, antivirus profile to AV_default, intrusion prevention profile to IPS_default, and action to Permit.
      Figure 7 Configuring a security policy named trust-untrust

    4. Configure the security policy local-cloud. Set the source security zone to local, destination security zones to trust and untrust, service to any, and action to Permit.
      Figure 8 Configuring security policy named local-cloud

    5. Configure the security policy rule_iss_dns. Set the source security zone to local, destination security zones to trust and untrust, service to dns, and action to Permit.
      Figure 9 Configuring a security policy named rule_iss_dns

Parent topic: FAQ