
Local Security Policies

This section describes the concept and deployment requirements of local security policies.

Security policies can control both the traffic passing through the FW and the local traffic. Local traffic refers to the traffic destined for the FW or the traffic sent from the FW.

In many applications where the FW needs to send and receive packets, enable the security policies for local traffic. The applications include:
  • The FW needs to be managed. For example, log in to the FW through Telnet or web UI or manage the FW through an SNMP NMS.
  • The FW that serves as the client or server of a service needs to proactively send requests to the peer or process requests from the peer, for example, FTP, PPPoE dialup, NTP, IPSec VPN, DNS, upgrade service, remote URL query, and email sending.
Configuration requirements for the security policies that control local traffic are as follows:
  • Source or destination zone: Local, the zone the FW itself belongs to
  • The other zone: the security zone to which the interface connected to the peer device belongs
  • Other matching conditions, such as the source address, destination address, and service
  • Action

For example, allow the FW to access the upgrade center. The configuration is as follows:
  • Source zone: Local
  • Destination zone: zone of the upgrade center
  • Destination address: address of the upgrade center
  • Service: if the upgrade mode is set to HTTPS, HTTPS must be permitted. If the upgrade mode is set to HTTP, HTTP, FTP, and a user-defined TCP service whose destination port ranges from 10001 to 15000 must be permitted.
  • Action: permit
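The upgrade center example above, written out as a constructed CLI configuration for illustration (this is an added example, not the page's own content). The upgrade center address 203.0.113.10, the zone name untrust, and the rule and service-set names are assumptions, and the command syntax assumes a USG6000 V500-series CLI.

```text
# Constructed example: security-policy rules that let the FW's own traffic
# (Local zone) reach the upgrade center. Placeholder address 203.0.113.10,
# zone name "untrust" and all object names are assumptions.
#
# User-defined service for the HTTP upgrade mode:
# TCP, destination ports 10001 to 15000.
ip service-set upgrade_tcp type object
 service 0 protocol tcp source-port 0 to 65535 destination-port 10001 to 15000
#
security-policy
# HTTPS upgrade mode: only HTTPS needs to be permitted.
 rule name local_to_upgrade_https
  source-zone local
  destination-zone untrust
  destination-address 203.0.113.10 32
  service https
  action permit
#
# HTTP upgrade mode: HTTP, FTP and the user-defined TCP port range.
 rule name local_to_upgrade_http
  source-zone local
  destination-zone untrust
  destination-address 203.0.113.10 32
  service http
  service ftp
  service upgrade_tcp
  action permit
```

Keep the destination address limited to the upgrade center rather than the whole zone, so that the Local zone rule permits only the traffic the upgrade service actually needs.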
Copyright © Huawei Technologies Co., Ltd.