Scribd
Upload
101 views26 pages

How To Simulate Huawei Firewall On Ensp

The document provides a comprehensive guide on simulating a Huawei Firewall using the eNSP software, detailing the steps to obtain and install the USG image. It outlines the necessary configurations for both the eNSP environment and the Windows 10 machine, including setting up a loopback adapter for communication. The guide concludes with instructions on accessing the USG firewall's web UI for management and configuration tasks.

Uploaded by

Arsène NGABA
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
101 views26 pages

How To Simulate Huawei Firewall On Ensp

The document provides a comprehensive guide on simulating a Huawei Firewall using the eNSP software, detailing the steps to obtain and install the USG image. It outlines the necessary configurations for both the eNSP environment and the Windows 10 machine, including setting up a loopback adapter for communication. The guide concludes with instructions on accessing the USG firewall's web UI for management and configuration tasks.

Uploaded by

Arsène NGABA
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 26

HOW TO SIMULATE HUAWEI FIREWALL ON

ENSP
Universal Security Gateway (USG) is the product branding for Huawei
next-generation AI-enabled application security firewall. It comes with several
forms – modular and virtual appliance. Introducing AI-based threat response,
software-defined network-security defense, and intelligent security policy
optimization, Huawei network security through its series of USG products help
mitigating network security risks as customers go digital.

To provide proof-of-concept kinds of network security solutions prior to the


purchase, rollout and implementation of firewall, it will cost a bomb to
purchase the real physical products and solutions to testify. Hence, the
simulated solution environment with the real Huawei USG platform serves its
purpose.

The next relevant questions arise are:

1) Where shall I obtain the virtualized USG image to perform the simulation?

2) How do I install the acquired image on the eNSP simulated environment?

3) How do I access the USG security firewall from my Windows 10 machine to


configure the product?

PART 1: WHERE SHALL I OBTAIN


THE USG IMAGE?
The USG image I plan to install, is a Huawei proprietary software image. It is
only uniquely run on the eNSP software. Using a renown search engine to
locate the software is the best approach to locate it.

Step 1.1: Open Chrome or Edge web browser to locate the required image.
Follow the steps as shown below. Search for the keyword “ensp”.
Locate the download link of the image via web browser.
Step 1.2: The discovered link will lead me to a public Facebook link as shown
below.
Click the link shown above for the direct download source folder.
Step 1.3: From the MegaNZ cloud shared folder, select the required image to
download as shown below:
USG6000V.zip
Download the USG firewall image as shown

The downloaded zipped image file is ready for extraction prior to the
installation
PART 2: HOW DO I INSTALL THE
USG IMAGE ON ENSP?
Prior to the USG image installation, the pre-requisite that I have my eNSP
software is completely installed and running fine. If the eNSP software has not
been installed, kindly refer to my first blog on “How To install Huawei eNSP on
Windows 10” to get it started and running.

Step 2.1: Extract the downloaded zipped USG image.


Extract the USG6000.zip file

Choose a folder to store the extracted image file


Step 2.2 : Install the USG image file on eNSP. Locate the extracted image file
named vfw_usg.vdi from the folder storing the file. Open up the eNSP
application software to load the file to start.
Locate and identify the image for loading in eNSP
Open a new topology on eNSP platform as shown below.
A new topology is created for deploying USG image
Step 2.3: Add USG6000v device onto the new topology workspace. Then add
a cloud image onto the same workspace too. The cloud image serves as a
translator between physical machine and the virtual USG firewall. Follow the
steps as shown below:
Adding the required components on the new topology workspace

The properties setting of Cloud1 requires a loopback adapter to connect.


Note: Cloud1 requires a loopback adapter. Install Microsoft network loopback
adapter if your Windows 10 machine does not have one.

Step 2.4: Configure a local loopback adapter on Windows 10 machine. The


loopback adapter is the network interface used to communicate to the virtual
USG firewall on eNSP upon configuration completed. By default, Windows 10
machine does not come with pre-installed loopback adapter. Installing a
loopback adapter with a local private IP address matching the firewall
management address allowing us to manage the USG in graphical user
interface view.

Step 2.4.1: Install a loopback network adapter on Windows 10. Go to Device


Manager and add a new loopback network adapter as shown below:
Add Hardware Wizard to add a new loopback network adapter.
Next, proceed to choose and add a new hardware component, which is a
network adapter as steps shown below:
Add a new network adapter

Adding loopback network adapter


Verify the loopback adapter was completely installed from the Device
Manager applet.
Microsoft Loopback adapter installed.
Step 2.4.2: Configure the loopback adapter address manually. Follow the
steps as displayed below:
Configure a manual IP address for the loopback adapter.
Configure an IP address for the loopback adapter to match the USG firewall
management address at 192.168.0.0/24 subnet, for instance. The default
firewall IP address is 192.168.0.1/24. We can change the default IP address to
avoid address conflicts in your LAN. Otherwise we can proceed with the
default address plan. In this example, I change the IP address plan for the
illustration purposes.
Configure IP address of the loopback adapter to manage the USG firewall as
shown.
Step 2.5: Open up eNSP application and load a new topology. Select ‘Cloud1’
and ‘USG6000V’ for the subsequent required configurations.

Step 2.5.1: Install the USG firewall image by loading it onto the virtual device
upon starting it for the first time. Upon starting up the USG6000V for the first
time (no installed image), it prompts for the import of the image file as shown
in the steps below.
Loading USG firewall image
Step 2.5.2: Power up USG6000V and verify the device is working properly by
accessing its console as shown below.
USG6000V access console
Note: The default username and password for the USG6000V
is admin and Admin@123 respectively. We need to change the default
password upon login it.

Default information relating to the USG6000V firewall as follows:

Default System Name USG6000V1

Default IP Address 192.168.0.1

Default Subnet Mask 255.255.255.0

Built-in Username admin

Default Password Admin@123


Default settings in USG6000V
Step 2.5.3: Check USG6000V default IP address from the console access.
Use the command ‘display ip interface brief’ as shown below.

Verify the default management IP address of USG6000V.


Step 2.5.4 (Optional): Change the default management IP address of the USG
firewall to the segment same as my loopback address plan at 192.168.1.0/24.
I plan to use the management IP address of the USG firewall at
192.168.1.1/24 while my loopback address at 192.168.1.100/24.

Change the management IP address of the USG firewall as follows:


Step 2.5.5: Configure Cloud1 (representing your Windows 10 host machine) to
communicate with the virtual USG6000V firewall. Follow the steps below
closely to configure Windows 10 host to communicate with the firewall for the
subsequent firewall security management tasks.
Prior to this cloud 1 setting, the local PC loopback address has been assigned
in the previous step 2.4.2.
Right click on Cloud1 to start setting the required configuration parameters as
shown below:
i. Right click on Cloud1 icon and select ‘Properties’
ii. Select ‘GE’ from Port Type; add two options a) Loopback adapter (as in my
case Ethernet3) and b) UDP for the BindingInfo.
iii. For the port map setting, choose ‘GE’ for Port Type and assign Remote Port
Number as 2 and check the Two-way Channel box; then add into the port
mapping table as shown below:
Cloud1 setting for local PC loopback adapter setup
Step 2.5.6 : Configure the firewall management interface for administration
and not for data forwarding. Clear up the current default management
interface configuration, followed by reconfiguring the interface for system
administration only.

A) Clear up the current default management interface configuration.


Right click on Cloud1 and FW1 to start up, wait till the green dot status on the
port shown above.
Double click FW1 to open up the USG firewall device after booting up
completely. [Wait for the green dot sign as shown in the diagram above].

Issue the following command to clear the default management interface


configuration.
undo ip binding vpn-instance default
Configure the changed IP address for the management interface gi0/0/0 and
enable service administration function.

ip address 192.168.1.1 24
service-manage enable
service-manage https permit
Step 2.5.6 : Test drive accessing the web UI administration from your own PC
browser as shown below:

Enter the url address as https://192.168.1.1:8443 on the browser to access


the web UI administration of the USG firewall as shown below.
USG Firewall Web UI interface
Login the web portal with user account Admin and your currently changed
user password.

Enter your login credentials to access


Once the login is successful, you can start to configure your firewall functions.

Finally, come to the conclusion of the whole installation process, it is


expected to work fine with your eNSP simulator as well from the guide. If you
like the technical guide blog, kindly like and share the blog to benefit more.
Your constructive feedback is much appreciated for my motivation to produce
future blogs.

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy