Labnario Huawei From Scratch
What does it mean outbound NAT?
Outbound NAT translates the source IP addresses of packets sent from a high-priority security zone to a low-priority one.
I allowed myself to post a flowchart of configuring intranet users to access extranet through NAT (from Huawei documentation):
It easily lets us to choose a suitable way of configuring outbound NAT. In this lab I will try to do a review of these methods.
https—>webUI—>Huawei Secospace USG6300
As a graphical user interface is useless in case of routers and switches, it looks useful when configuring a firewall. Of course it is my point of view. I do not go into what is better for you. I like using CLI but, sometimes, it is worth to simplify your daily routine. The first step is to configure HTTPS access to webUI of USG6300. This is what we will focus today.
Well known topology from the last post:
Configure IP address of firewall’s interface and add it to trust zone:
[USG6300]interface GigabitEthernet 0/0/7 [USG6300-GigabitEthernet0/0/7]ip address 172.16.1.1 24 [USG6300]firewall zone trust [USG6300-zone-trust]add interface GigabitEthernet 0/0/7
VTY access to Secospace USG6300
A new box for fun 🙂
Thanks to my colleagues I have opportunity to test Huawei Secospace USG6300.
A rental period is not long, so let’s start from the beginning.
Telnet and SSH
Configure IP address of firewall’s interface and assign it to trust zone:
[USG6300]interface GigabitEthernet 0/0/7 [USG6300-GigabitEthernet0/0/7]ip address 172.16.1.1 24 [USG6300]firewall zone trust [USG6300-zone-trust]add interface GigabitEthernet 0/0/7