HUAWEI FIREWALL USG
Written by Hassan Shozeb
Updated over a week ago

The Huawei USG Firewall is a versatile network security solution designed to safeguard modern enterprise networks. With its comprehensive feature set and advanced threat protection capabilities, it defends against a wide range of cyber threats and protects the integrity and confidentiality of network data.


Supported Actions

| S.no | Action | Description |
|------|--------|-------------|
| 1 | BLOCK IP AS SOURCE | Block an IP Address as source on the Huawei USG firewall |
| 2 | BLOCK IP AS DESTINATION | Block an IP Address as a Destination on the Huawei USG firewall |
| 3 | ADD URL TO BLACKLIST | Block a domain on Palo Alto firewall |
| 4 | ADD URL TO WHITELIST | Unblock a domain on Huawei USG firewall |
| 5 | ADD DOMAIN TO BLACKLIST | Block a URL on Huawei USG firewall |
| 6 | ADD DOMAIN TO WHITELIST | Unblock a URL on Huawei USG firewall |
| 7 | UNBLOCK IP AS SOURCE | Unblock IP from source on Huawei USG firewall |
| 8 | UNBLOCK IP AS DESTINATION | Unblock IP from Destination on Huawei USG firewall |
| 9 | REMOVE URL FROM BLACKLIST | Remove a URL from BLACKLIST on Huawei USG firewall |
| 10 | REMOVE URL FROM WHITELIST | Remove a URL from WHITELIST on Huawei USG firewall |
| 11 | REMOVE DOMAIN FROM BLACKLIST | Remove a DOMAIN from BLACKLIST on Huawei USG firewall |
| 12 | REMOVE DOMAIN FROM WHITELIST | Remove a DOMAIN from WHITELIST on Huawei USG firewall |

Configure the Huawei Firewall

Configure the security policy.

  1. Configure port 1025 as the RESTCONF service port.

    Choose Object > Service > Service and click Add.

  2. Configure a security policy to reference the RESTCONF service.

    Choose Policy > Security Policy > Security Policy and then Add > Add Security Policy.

  3. Configure the administrator and the corresponding service type and authentication type.

    Set the service type to API. The administrator is at level 15.

    Choose System > Administrator > Administrator and click Add.

  4. Configure an HTTPS port, enable the RESTCONF interface, and set the certificate and session timeout period.

    Choose System > Administrator > Service Settings.

  5. Create a profile in DNS-Profile.

    Go to Object > Security Profiles > DNS-Profile and create a new profile named "sirp_dns".

  6. Create a profile in URL-Profile.

    Go to Object > Security Profiles > URL-Profile and create a new profile named "sirp_url".


Enable the Huawei Firewall App in SIRP

  • First, log in to SIRP, then go to Apps from the left navigation bar.

  • Locate the app named Huawei Firewall.

  • Enable the Huawei Firewall app by clicking the toggle button under Status.

    When you enable the App, you will get an option to add the configuration details. Add the following details and click Save:

  • URL: <https://IP Address:1025>

  • Username: <admin (or a username of your preference)>

  • Password: <password>

  • DNS-PROFILE: <Name of the profile created in DNS in Security Profiles>

  • URL-PROFILE: <Name of the profile created in URL in Security Profiles>

  • VSYS: <public>

  • DESTINATION-RULE: <Name of the Policy Created in Security Policy>

  • SOURCE-RULE: <Name of the Policy Created in Security Policy>

After the last step, you should be able to execute the Huawei actions on-demand or through Playbooks to block and unblock IP addresses, URLs, and domains.
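A pre-flight check for the configuration values listed above, added here as an example (it is not SIRP or Huawei code). It flags placeholder brackets left in a field, a non-HTTPS URL, or a port other than the RESTCONF service port, and can confirm that the certificate set in step 4 verifies from the client side. The function names, the sample values and the optional CA file are assumptions.

```python
import ipaddress
import socket
import ssl
from urllib.parse import urlsplit

# Field names are the ones in the SIRP form above; function names are hypothetical.
REQUIRED = ("URL", "Username", "Password", "DNS-PROFILE", "URL-PROFILE",
            "VSYS", "DESTINATION-RULE", "SOURCE-RULE")

def check_config(cfg, restconf_port=1025):
    """Return a list of problems in the app configuration (empty list = OK)."""
    problems = []
    for key in REQUIRED:
        value = cfg.get(key, "").strip()
        if not value:
            problems.append(f"{key}: missing")
        elif "<" in value or ">" in value:
            problems.append(f"{key}: placeholder brackets left in value")
    try:
        url = urlsplit(cfg.get("URL", "").strip())
        host, port = url.hostname or "", url.port
    except ValueError:
        return problems + ["URL: cannot be parsed"]
    if url.scheme != "https":
        problems.append("URL: scheme must be https, the API password travels over it")
    if port != restconf_port:
        problems.append(f"URL: port must be the RESTCONF service port {restconf_port}")
    try:
        ipaddress.ip_address(host)  # the page gives the URL as https://IP Address:1025
    except ValueError:
        problems.append("URL: host is not a valid IP address")
    return problems

def tls_problem(host, port=1025, cafile=None, timeout=5):
    """TLS handshake with full certificate verification; None means it verified."""
    ctx = ssl.create_default_context(cafile=cafile)  # cafile: CA that issued the firewall cert
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return None
    except OSError as exc:  # covers refused connections and ssl.SSLError
        return str(exc)

# Constructed sample values (documentation IP range, made-up rule names).
SAMPLE = {"URL": "https://192.0.2.10:1025", "Username": "api-admin",
          "Password": "example-only", "DNS-PROFILE": "sirp_dns",
          "URL-PROFILE": "sirp_url", "VSYS": "public",
          "DESTINATION-RULE": "sirp_dst_block", "SOURCE-RULE": "sirp_src_block"}

if __name__ == "__main__":
    print(check_config(SAMPLE) or "configuration looks consistent")
```

Run `tls_problem` from the host that SIRP connects from; a verification error there means the firewall certificate is not trusted by that client or does not list the IP address in its subject alternative names.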
