Configuring firewall, Overview, Configuring a packet-filter firewall – H3C Technologies H3C SecPath F1000-E User Manual
Configuring firewall
NOTE:
The firewall configuration is available only at the CLI.
Overview
A firewall can block unauthorized access from the Internet to a protected network while allowing
internal network users to access the Internet through services such as WWW, or to send and receive
e-mail. A firewall can also be used to control access to the Internet, for example, to permit only
specific hosts within the organization to access the Internet. Many of today’s firewalls offer other
features as well, such as identity authentication and security processing (encryption) of information.
Another application of a firewall is to protect mainframes and important resources (such as data) on the
internal network. Any access to protected data must first be filtered by the firewall, even if the access
is initiated by a user within the internal network.
The firewall mainly implements the following functions:
• Packet-filter firewall, which performs access control list (ACL) based packet filtering
• Address translation
NOTE:
This chapter focuses on the ACL-based packet-filter firewall. For more information about address
translation, see NAT and ALG Configuration Guide.
A packet-filter firewall implements IPv6 packet-specific filtering. For each IPv6 packet to be forwarded,
the firewall first obtains the header information of the packet, including the number of the upper layer
protocol carried by the IP layer, the source address, destination address, source port number, and
destination port number of the packet. Then, it compares the obtained header information against the
preset ACL rules and processes the packet according to the comparison result.
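The following Python model of the header extraction and rule comparison described above is an added example, not code from the H3C manual or the device. The Rule fields, function names, first-match ordering, the "permit" default and the sample addresses (documentation prefix 2001:db8::/32) are assumptions made for illustration.

```python
import ipaddress
import struct
from dataclasses import dataclass
from typing import Optional

TCP, UDP = 6, 17  # protocol numbers found in the IPv6 Next Header field

@dataclass
class Rule:  # hypothetical model of one ACL rule; None means "any"
    action: str                      # "permit" or "deny"
    proto: Optional[int] = None
    src: str = "::/0"
    dst: str = "::/0"
    sport: Optional[int] = None
    dport: Optional[int] = None

def parse_headers(pkt: bytes):
    """Return (proto, src, dst, sport, dport) from a raw IPv6 packet."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    proto = pkt[6]
    src = ipaddress.IPv6Address(pkt[8:24])
    dst = ipaddress.IPv6Address(pkt[24:40])
    sport = dport = None
    # Ports are read only when TCP/UDP directly follows the fixed header;
    # this example does not walk IPv6 extension headers.
    if proto in (TCP, UDP) and len(pkt) >= 44:
        sport, dport = struct.unpack("!HH", pkt[40:44])
    return proto, src, dst, sport, dport

def filter_packet(pkt: bytes, rules, default: str = "permit") -> str:
    """First matching rule decides; otherwise the default action applies."""
    proto, src, dst, sport, dport = parse_headers(pkt)
    for r in rules:
        if (r.proto in (None, proto)
                and src in ipaddress.IPv6Network(r.src)
                and dst in ipaddress.IPv6Network(r.dst)
                and r.sport in (None, sport)
                and r.dport in (None, dport)):
            return r.action
    return default

def build_packet(proto, src, dst, sport, dport) -> bytes:
    """Constructed sample input: fixed IPv6 header + first 4 transport bytes."""
    hdr = struct.pack("!IHBB", 6 << 28, 4, proto, 64)
    addrs = ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
    return hdr + addrs + struct.pack("!HH", sport, dport)

RULES = [Rule("permit", TCP, dst="2001:db8:1::/64", dport=443),  # constructed
         Rule("deny", dst="2001:db8:1::/64")]
```

A packet that matches no rule falls through to the default action, so a permissive default forwards everything the rule set does not name.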
Configuring a packet-filter firewall
Packet-filter firewall configuration task list
Task                                                            Remarks
Enabling the IPv6 firewall function                             Required
Configuring the default filtering action of the IPv6 firewall   Optional
Configuring IPv6 packet filtering on an interface               Required