USG 6300 – Bidirectional NAT on Huawei Firewalls

glitchlist

Static 1:1 NAT, or “Server Mapping” in Huawei terms, behaves strangely when configured through the web GUI. On the USG 6300 series with V500R001C60SPC500 firmware, when you configure bidirectional NAT it behaves like a source NAT.

Solution:

# Log on to the USG firewall over SSH


# Search for the NAT configuration:

<FW-USG>dis cu | i nat
nat server SERVER-NAT_1 zone untrust global 10.99.250.10 inside 192.168.88.10 no-reverse unr-route


# Delete the NAT configuration:

[FW-USG] undo nat server SERVER-NAT_1 zone untrust global 10.99.250.10 inside 192.168.88.10 no-reverse unr-route


# Create the NAT on the CLI, omitting the no-reverse option:

[FW-USG]nat server SERVER-NAT_1 zone untrust global 10.99.250.10 inside 192.168.88.10

# TEST! 
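
To run the same check across a saved configuration instead of one entry at a time, the added example below (not part of the original post) scans configuration text for nat server entries that carry no-reverse and prints the undo / re-create pair for each. The sample configuration is constructed, the function names are hypothetical, and keeping every option other than no-reverse (such as unr-route) on the re-created entry is an assumption.

```python
import re

# Constructed sample of saved configuration text (not taken from a real device).
SAMPLE_CONFIG = """\
#
nat server SERVER-NAT_1 zone untrust global 10.99.250.10 inside 192.168.88.10 no-reverse unr-route
nat server SERVER-NAT_2 zone untrust global 10.99.250.11 inside 192.168.88.11
 nat server SERVER-NAT_3 zone untrust global 10.99.250.12 inside 192.168.88.12 no-reverse
nat-policy
#
"""

# Matches "nat server <name> <options...>", tolerating leading indentation.
NAT_SERVER = re.compile(r"^\s*nat server (?P<name>\S+)\s+(?P<rest>.+?)\s*$")


def find_no_reverse(config_text):
    """Return (name, original_line) for every nat server entry carrying no-reverse."""
    hits = []
    for line in config_text.splitlines():
        m = NAT_SERVER.match(line)
        # Compare whole tokens so a name that merely contains the string is not flagged.
        if m and "no-reverse" in m.group("rest").split():
            hits.append((m.group("name"), line.strip()))
    return hits


def remediation(original_line):
    """Build the undo / re-create pair used in the procedure above.

    Assumption: every option other than no-reverse is kept as configured.
    """
    tokens = [t for t in original_line.split() if t != "no-reverse"]
    return ["undo " + original_line, " ".join(tokens)]


def plan(config_text):
    """Map each flagged entry name to the two commands that replace it."""
    return {name: remediation(line) for name, line in find_no_reverse(config_text)}


if __name__ == "__main__":
    for name, commands in plan(SAMPLE_CONFIG).items():
        print(f"# {name}")
        for command in commands:
            print(command)
```

Review the generated commands before pasting them into the system view, and test each mapping afterwards as in the last step.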

Some platforms, such as new-generation firewalls, have a very powerful web management portal. But in general, in network environments, and especially on routers, CONFIGURE EVERYTHING via CLI PLEASE !!!

.glitchlist crew
