Basic Eudemon Firewall Configuration

Source: Internet
Author: User

Today is boring. I haven't started work, and I don't know what to do. I haven't been to my blog for a long time, so let's take a look at it today. Ah, no updates in 10 months. I'll update it today. This article was actually written by someone else; I am just pasting it on my own wall.

I have only used Cisco devices before, so I am still a bit unfamiliar with Huawei's firewall equipment. I received an order to build a "dual-line + master/slave firewall" setup. The focus this time is not on the dual-line part; the key point is to make sure the firewall can connect to the Internet before dual-line is implemented, that is, the basic configuration. The device used this time is the Eudemon 200.

1. Introduction
The Eudemon firewall is a network security device. You must therefore first ensure that the Eudemon can communicate with other devices at the network layer and provides basic security protection. This section is a prerequisite for any more in-depth security configuration and must be completed.
The basic security protection parameters include the working mode, interface IP addresses, network parameters, routing protocol, security zones, and the membership of interfaces in security zones.
2. Configuration prerequisites
Before starting the configuration, review the network topology again so that the overall networking and the related network information are clear. Deploy the devices in their locations according to the company's network topology and connect them correctly. Confirm that the Eudemon firewall software version is correct, and set up the local configuration environment of the Eudemon firewall through the Console interface.
3. Procedure
Step 1: Configure Eudemon working mode.
# Configure Eudemon to work in routing mode.
[Eudemon] firewall mode route
Step 2: Configure the IP addresses, network parameters, and default route of each interface.
The Eudemon firewall connects to the Trust, DMZ, and Untrust security zones. Therefore, you need to configure the IP address, link layer, network layer, and routing parameters of the connecting interfaces so that the Eudemon can reach the other devices at the network layer.
# Configure the IP address of the Ethernet0/0/0 interface of the Eudemon firewall.
[Eudemon] interface ethernet 0/0/0
[Eudemon-Ethernet0/0/0] ip address 10.110.1.11 255.255.255.0
[Eudemon-Ethernet0/0/0] quit
# Configure the Internet IP address of the Ethernet1/0/0 interface of the Eudemon firewall.
[Eudemon] interface ethernet 1/0/0
[Eudemon-Ethernet1/0/0] ip address 202.38.160.1 255.255.255.0
[Eudemon-Ethernet1/0/0] quit
# Configure the IP address of the Ethernet2/0/0 interface of the Eudemon firewall.
[Eudemon] interface ethernet 2/0/0
[Eudemon-Ethernet2/0/0] ip address 10.110.5.11 255.255.255.0
[Eudemon-Ethernet2/0/0] quit
# Configure the default route for the Eudemon firewall to reach the Internet.
[Eudemon] ip route-static 0.0.0.0 0.0.0.0 202.38.160.15

Note:

The default link-layer protocol encapsulated on Ethernet interfaces is Ethernet_II. Therefore, you do not need to configure the encapsulation protocol manually.

Step 3: Create or configure the security zones and add the corresponding interfaces to each zone.
The three Ethernet interfaces of the Eudemon firewall connect to the Trust, DMZ, and Untrust zones, which are reserved (predefined) by the system. Therefore, you only need to add the corresponding interfaces to each security zone.
# Add the Ethernet0/0/0 interface to the Trust zone.
[Eudemon] firewall zone trust
[Eudemon-zone-trust] add interface ethernet 0/0/0
[Eudemon-zone-trust] quit
# Add the Ethernet2/0/0 interface to the DMZ zone.
[Eudemon] firewall zone dmz
[Eudemon-zone-dmz] add interface ethernet 2/0/0
[Eudemon-zone-dmz] quit
# Add the Ethernet1/0/0 interface to the Untrust zone.
[Eudemon] firewall zone untrust
[Eudemon-zone-untrust] add interface ethernet 1/0/0
[Eudemon-zone-untrust] quit

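Step 4: Configure the packet-filtering rules between security zones.
# Define the ACL (replace IP with the source address to match).
[Eudemon] acl number 3001
[Eudemon-acl-adv-3001] rule 0 permit ip source IP destination any
[Eudemon-acl-adv-3001] quit
# Apply the configured ACL between the Trust and Untrust zones as an outbound NAT rule (NAT address group 1 must already be defined).
[Eudemon] firewall interzone trust untrust
[Eudemon-interzone-trust-untrust] nat outbound 3001 address-group 1
[Eudemon-interzone-trust-untrust] quit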

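Step 5: Set the default packet-filtering action to permit.
# Permit by default, in both directions, between the Local and Trust, Local and Untrust, and Trust and Untrust zones.
# The inbound commands also permit by default traffic from Untrust to Trust and from Untrust to the firewall itself (Local): any packet that no ACL rule denies is let through. Once connectivity is verified, set these inbound defaults back to deny and permit only the required traffic with ACL rules.
[Eudemon] firewall packet-filter default permit interzone local trust direction inbound
[Eudemon] firewall packet-filter default permit interzone local trust direction outbound
[Eudemon] firewall packet-filter default permit interzone local untrust direction inbound
[Eudemon] firewall packet-filter default permit interzone local untrust direction outbound
[Eudemon] firewall packet-filter default permit interzone trust untrust direction inbound
[Eudemon] firewall packet-filter default permit interzone trust untrust direction outbound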
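
To see which traffic flows the Step 5 commands open, the following added example (not part of the original article or of Huawei's documentation) resolves each default packet-filter command to a source and destination zone and lists the flows that originate in Untrust. It assumes the default priorities of the predefined zones (Local 100, Trust 85, DMZ 50, Untrust 5) and that a later command for the same interzone and direction replaces an earlier one; the function names are hypothetical.

```python
import re

# Default priorities of the predefined zones (higher value = more trusted).
ZONE_PRIORITY = {"local": 100, "trust": 85, "dmz": 50, "untrust": 5}
ZONES = "|".join(ZONE_PRIORITY)
RULE = re.compile(
    r"firewall\s+packet-filter\s+default\s+(permit|deny)\s+interzone\s+"
    rf"({ZONES})\s+({ZONES})\s+direction\s+(inbound|outbound)\b")

# The Step 5 commands as listed in the article.
STEP5 = """\
[Eudemon] firewall packet-filter default permit interzone local trust direction inbound
[Eudemon] firewall packet-filter default permit interzone local trust direction outbound
[Eudemon] firewall packet-filter default permit interzone local untrust direction inbound
[Eudemon] firewall packet-filter default permit interzone local untrust direction outbound
[Eudemon] firewall packet-filter default permit interzone trust untrust direction inbound
[Eudemon] firewall packet-filter default permit interzone trust untrust direction outbound
"""


def resolve_flow(zone_a, zone_b, direction):
    """Map an interzone direction to (source, destination).

    Inbound is traffic from the lower-priority zone to the higher-priority
    zone; outbound is the reverse.
    """
    low, high = sorted((zone_a, zone_b), key=ZONE_PRIORITY.get)
    return (low, high) if direction == "inbound" else (high, low)


def permitted_flows(config_text):
    """Return flows whose default action ends up as permit.

    Assumption: the last command for a given flow wins.
    """
    action = {}
    for line in config_text.splitlines():
        m = RULE.search(line)
        if m:
            verdict, a, b, direction = m.groups()
            action[resolve_flow(a, b, direction)] = verdict
    return [flow for flow, verdict in action.items() if verdict == "permit"]


def exposed_flows(config_text):
    """Flows permitted by default whose source is the Untrust zone."""
    return [flow for flow in permitted_flows(config_text) if flow[0] == "untrust"]
```

Calling exposed_flows() on a saved configuration lists the default-permit flows that originate in Untrust, which are the ones to review first.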

My impressions from configuring the Eudemon this time. Conclusion: practice goes better if you do more homework. I checked the documentation before starting the configuration. Many documents stop at Step 4 and say that the basic configuration is then OK and the Internet can be reached. However, I could not get through when configuring the 200. Later, I configured the Step 5 firewall packet filtering, and then it was OK.

This article is from the "study at work, share after learning" blog!
