Connection requests are initiated by clients. Therefore, when configuring attack defense profiles, set the security zone where the client resides as the source zone and the security zone where the server resides as the destination zone.

Example 1: A user in the trust zone needs to download files from the FTP server in the untrust zone. In this case, set the trust zone as the source security zone and the untrust zone as the destination security zone on the attack defense profile configuration page, and set the FTP inspection direction to Download on the antivirus configuration page.

Example 2: A user in the trust zone needs to upload email to the SMTP server in the dmz. In this case, set the trust zone as the source security zone and the dmz as the destination security zone on the attack defense profile configuration page, and set the SMTP inspection direction to Upload on the antivirus configuration page.

The IAE extracts signatures of applicable files and compares the extracted features with virus signatures in the virus signature database. If a match is found, the file is considered infected and processed according to the action specified in the profile. If no match is found, the file is permitted.

Huawei analyzes and summarizes common virus signatures to construct the virus signature database. This database defines common virus signatures and assigns a unique virus ID to each signature. After the database is loaded, the device can identify viruses that match the signatures defined in the database. To identify new viruses, the virus signature database must be constantly updated from the update center.

After viruses are identified in a file in transfer, the AC:

Checks whether this virus is an exception. To prevent file transfer failures resulting from false positives, the IDs of viruses that users identify as false positives can be added as virus exceptions. If the detected virus matches a virus exception, the response action on the file is permit.

If the virus does not match any virus exception, checks whether it matches an application exception. If it matches an application exception, it is processed according to the action (permit, alert, or block) for the application exception. The action of an application exception can be different from that for the protocol used by the application. Multiple applications may use the same protocol.

Actions for applications and protocols have different priorities:

If the action for a protocol is defined but no action is defined for any application, the action for the protocol applies to all applications that use the protocol. For example, traffic of 163.com and is transmitted over HTTP. If the response action for HTTP is Block, response actions for 163.com and are also Block.

If the action for a protocol is defined and the action for an application that uses the protocol is defined, the action for the application takes precedence over that for the protocol. For example, traffic of 163.com and is transmitted over HTTP. If you have added 163.com to Application Exception List and set its response action to Alert, still inherits the response action of HTTP, which is Block, whereas 163.com uses the response action of Alert.

If the virus matches neither virus exceptions nor application exceptions, the action for protocol and transfer direction specified in the profile applies. The following table shows actions of the AC for different protocols in different directions.
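The decision order described on this page (virus exception first, then application exception, then the profile's action for the protocol and transfer direction) can be written out as a small model. This is an added example, not Huawei's code or part of the original page; the class and function names, the virus IDs, the second application name `other.example` and the per-protocol actions in the sample profile are all constructed for illustration.

```python
from dataclasses import dataclass, field

PERMIT, ALERT, BLOCK = "permit", "alert", "block"


@dataclass
class AntivirusProfile:
    # (protocol, direction) -> action; sample values below are constructed
    protocol_actions: dict
    # application name -> action; overrides the action of the protocol it uses
    app_exceptions: dict = field(default_factory=dict)
    # virus IDs that users identified as false positives
    virus_exceptions: set = field(default_factory=set)


def resolve_action(profile, virus_id, protocol, direction, application=None):
    """Return (action, reason) for one transferred file.

    virus_id is None when no signature in the database matched the file.
    """
    if virus_id is None:
        return PERMIT, "no signature match"
    # 1. A virus exception always results in permit.
    if virus_id in profile.virus_exceptions:
        return PERMIT, "virus exception"
    # 2. An application exception takes precedence over the protocol action.
    if application in profile.app_exceptions:
        return profile.app_exceptions[application], "application exception"
    # 3. Otherwise the action for this protocol and direction applies.
    key = (protocol, direction)
    if key not in profile.protocol_actions:
        # The page does not say what happens for a protocol or direction the
        # profile does not inspect, so this model refuses to guess.
        raise ValueError(f"profile does not inspect {protocol} {direction}")
    return profile.protocol_actions[key], "protocol action"


# Constructed sample profile: HTTP is Block, 163.com is excepted with Alert.
SAMPLE_PROFILE = AntivirusProfile(
    protocol_actions={("HTTP", "download"): BLOCK,
                      ("FTP", "download"): BLOCK,
                      ("SMTP", "upload"): ALERT},
    app_exceptions={"163.com": ALERT},
    virus_exceptions={16424},  # constructed virus ID
)

if __name__ == "__main__":
    for app, vid in [("163.com", 99), ("other.example", 99), ("163.com", 16424)]:
        print(app, vid, resolve_action(SAMPLE_PROFILE, vid, "HTTP", "download", app))
```

With this profile, a file flagged on HTTP from 163.com is alerted while the same file from any other HTTP application is blocked, which is the 163.com case the text walks through.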