Firewall Security Maintenance


You must periodically check firewalls if they are deployed on the network. Quidway Eudemon 1000E series firewalls are recommended.

Checking Firewall Statuses

Firewall status information can be collected in all views. If invalid firewall information is detected, handle it promptly.

You must check the following information:

• Firewall version
• Firewall clock
• End user
• Initial configuration
• Configuration of the current view
• Current configuration
• Debug switch status
• Technical support information
• Equipment serial number (ESN)

Checking Security Zone Configurations

If firewalls are deployed between internal networks and external networks, you must check security zone configurations and inter-security zone configurations.

NOTE: You can create security zones on firewalls to provide different levels of security for users in different security zones.

Checking the Default Packet Filter Rules

Check the default packet filter rules to identify which data packets can be received and which must be denied. If incorrect packet filter rules are detected, correct them promptly.
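
One way to automate this check over collected configuration text is shown below. It is an added example, not part of the original page or of the vendor's documentation. The configuration line syntax, the sample lines, the EXTERNAL_ZONES policy, and the reading of "inbound" as traffic entering the higher-priority zone are assumptions to confirm against the firewall documents.

```python
import re

# Constructed sample of saved configuration lines (not from a real device).
# ASSUMPTION: line syntax is modelled on VRP-style configs; verify it first.
SAMPLE_CONFIG = """\
firewall packet-filter default permit interzone local trust direction inbound
firewall packet-filter default permit interzone local trust direction outbound
firewall packet-filter default permit interzone trust untrust direction outbound
firewall packet-filter default permit interzone trust untrust direction inbound
firewall packet-filter default deny interzone dmz untrust direction inbound
"""

RULE = re.compile(
    r"^\s*firewall packet-filter default (permit|deny) "
    r"(?:(all)|interzone (\S+) (\S+)(?: direction (inbound|outbound))?)\s*$"
)

# Hypothetical site policy: zones that face external networks.
EXTERNAL_ZONES = {"untrust"}

def parse_default_rules(config_text):
    """Return one dict per default packet-filter line found in the config."""
    rules = []
    for line in config_text.splitlines():
        m = RULE.match(line)
        if m:
            action, is_all, zone_a, zone_b, direction = m.groups()
            rules.append({"action": action, "all": bool(is_all),
                          "zones": {zone_a, zone_b},
                          "direction": direction or "both",
                          "line": line.strip()})
    return rules

def find_risky_defaults(rules):
    """Flag default-permit rules that admit traffic from an external zone."""
    findings = []
    for r in rules:
        if r["action"] != "permit":
            continue
        # "permit all" opens every zone pair; an external zone with an
        # inbound (or unspecified) direction admits outside traffic by default.
        external = r["zones"] & EXTERNAL_ZONES
        if r["all"] or (external and r["direction"] in ("inbound", "both")):
            findings.append(r["line"])
    return findings

if __name__ == "__main__":
    for line in find_risky_defaults(parse_default_rules(SAMPLE_CONFIG)):
        print("REVIEW:", line)
```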

Checking the NAT Configuration

If network address translation (NAT) traversal is implemented on the network, check the NAT configuration and the current firewall configuration. If an incorrect NAT configuration is detected, correct it promptly.

Checking VLAN Information

A local area network (LAN) can be logically divided into multiple virtual local area networks (VLANs). Hosts on the same VLAN can communicate with each other, and hosts on different VLANs cannot communicate with each other. That is, broadcast packets can be sent only between hosts on the same VLAN, which improves network security.

Check VLAN statuses, VLAN configurations, and related IP addresses. If any exception is detected, handle it promptly.

NOTE: Perform the preceding operations by referring to the related firewall documents.
