The Huawei USG Firewall is a robust and versatile network security solution designed to safeguard modern enterprise networks. With its comprehensive feature set and advanced threat protection capabilities, the USG Firewall defends against a wide range of cyber threats and ensures the integrity and confidentiality of network data.
Supported Actions
S.no | Action | Description |
1 | BLOCK IP AS SOURCE | Block an IP Address as source on the Huawei USG firewall |
2 | BLOCK IP AS DESTINATION | Block an IP Address as a Destination on the Huawei USG firewall |
3 | ADD URL TO BLACKLIST | Block a domain on Huawei USG firewall |
4 | ADD URL TO WHITELIST | Unblock a domain on Huawei USG firewall |
5 | ADD DOMAIN TO BLACKLIST | Block a URL on Huawei USG firewall |
6 | ADD DOMAIN TO WHITELIST | Unblock a URL on Huawei USG firewall |
7 | UNBLOCK IP AS SOURCE | Unblock IP from source on Huawei USG firewall |
8 | UNBLOCK IP AS DESTINATION | Unblock IP from Destination on Huawei USG firewall |
9 | REMOVE URL FROM BLACKLIST | Remove a URL from BLACKLIST on Huawei USG firewall |
10 | REMOVE URL FROM WHITELIST | Remove a URL from WHITELIST on Huawei USG firewall |
11 | REMOVE DOMAIN FROM BLACKLIST | Remove a DOMAIN from BLACKLIST on Huawei USG firewall |
12 | REMOVE DOMAIN FROM WHITELIST | Remove a DOMAIN from WHITELIST on Huawei USG firewall |
Configure the Huawei Firewall
Configure the security policy.
1. Configure port 1025 as the RESTCONF service port.
Choose Object > Service > Service and click Add.
2. Configure a security policy to reference the RESTCONF service.
Choose Policy > Security Policy > Security Policy and then Add > Add Security Policy.
3. Configure the administrator and the corresponding service type and authentication type.
Set the service type to API. The administrator is at level 15.
Choose System > Administrator > Administrator and click Add.
4. Configure an HTTPS port, enable the RESTCONF interface, and set the certificate and session timeout period.
Choose System > Administrator > Service Settings.
5. Create a Profile in DNS-Profile
Go to Object > Security Profiles > DNS-Profile
Create a new profile there named "sirp_dns".
6. Create a Profile in URL-Profile
Go to Object > Security Profiles > URL-Profile
Create a new profile there named "sirp_url".
Enable the Huawei Firewall App in SIRP
First, log in to SIRP, then go to Apps from the left navigation bar.
Locate the app named Huawei Firewall.
Enable the Huawei Firewall app by clicking the toggle button under Status.
When you enable the App, you will get an option to add the configuration details. Add the following details and click Save:
URL: <https://IP Address:1025>
Username: <admin (on your preference)>
Password: <password>
DNS-PROFILE: <Name of the profile created in DNS in Security Profiles>
URL-PROFILE: <Name of the profile created in URL in Security Profiles>
VSYS: <public>
DESTINATION-RULE: <Name of the Policy Created in Security Policy>
SOURCE-RULE: <Name of the Policy Created in Security Policy>
After the last step, you should be able to execute the Huawei actions on-demand or through Playbooks to block and unblock IP addresses, URLs, and domains.