AV configuration does not take effect

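Published: 2012-07-20
Problem description
The customer reported that the AV function did not take effect after it was configured.
Alarm information
Handling process
Interface traffic was found to be fairly heavy, while the customer was using the highest scan level and a fairly high number of decompression layers.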

After Scan level was adjusted to 2 and Max decompressable layer to 3:

[USG5120]dis utm bypass state
17:30:24  2012/03/24
UTM bypass function is enabled
The problem was resolved.
Root cause


1. Check whether AV is enabled globally

[USG5120]dis av global-configuration

17:14:12  2012/03/24

Global configuration information about Anti-Virus

------------------------------------------------------------

  Anti-Virus global switch : Enable

  Scan level               : 3

  Max decompressable layer : 10

The Enable state shows that AV is enabled globally.

2. Check whether the AV policy is applied correctly

 [USG5120]dis policy interzone trust untrust outbound

17:17:10  2012/03/24

policy interzone trust untrust outbound

 firewall default packet-filter is permit

 policy 0 (1137194 times matched)

  action permit

  policy logging

  policy service service-set tcp (predefined)

  policy source any

  policy destination any

  policy av av-policy

  http-access log enable

The policy is also applied correctly between the zones.

3. Check the AV policy configuration

[USG5120]  dis av policy av-policy

17:21:43  2012/03/24

AV Policy "av-policy"

================================================================================

  Description                    : Anti-Virus policy

  Referenced                     : 0

  Password-protected-file action : Permit

  Deep-compressed-file action    : Permit

  Malformed-file action          : Permit

  Large-file action              : Permit

 

  HTTP Protocol

    HTTP switch                             : Enable

    Action                                  : Block

    Transfer mode                           : Upload/Download

    Resume-transfer                         : Enable

    Accelerate-transfer                     : Disable

    Max file size to scan                   : 10 MBytes

    Scan mode                               : Specified extension

    HTTP file extension                     :

    Web push notification                   : 该页面有病毒,已经屏蔽

No problem was found here either.

4. Check the AV engine and signature database for problems

[USG5120]dis av version

17:24:38  2012/03/24

==================Update information list===================

  Current version :

    Version number                : 20120322.003

    Engine version                : 1.1.1.4

    Engine size                   : 4106904 bytes

    Signature database version    : 20120322.003

    Signature database size       : 170012829 bytes

    Update time                   : 01:31:00 2012/03/23

    Issue time of the update file : 10:38:00 2012/03/22

This is already the latest version currently available.

5. Check whether the license has expired

[USG5120]dis license

17:25:55  2012/03/24

Device ESN is: 210235G6AFZ0BA000032

The file activated is: flash:/licon00003593-a369904054b_usg5120.dat

The time when activated is: 2012/03/19  10:38:51

VFW: 25

expire time:2012-06-15.

 SSL VPN Maximal Concurrent User Number: 150

expire time:2012-06-15.

 IPS: ENABLED

expire time:2012-06-15.

 Anti Virus: ENABLED

expire time:2012-06-15.

 

The AV function license has not expired.

 

6. Check whether the bypass function is enabled

[USG5120]dis utm bypass state

17:28:12  2012/03/24

  UTM bypass function is enabled.

  UTM bypass function is active at current.

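Active indicates that the bypass function is currently in effect: when processing capacity is insufficient, the USG gives priority to passing service traffic over inspecting it.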

Suggestions and summary

When AV does not take effect, the fault can be troubleshot by following the procedure above.
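The checks in steps 1, 2, 5 and 6 can be run mechanically over saved command output. The script below is an added example, not part of the original article or any Huawei tool; the dictionary keys and function names are hypothetical, and the sample capture is constructed from the outputs shown above.

```python
import re
from datetime import date, datetime

# Constructed capture: trimmed copies of the outputs shown in steps 1, 2, 5 and 6.
CAPTURE = {
    "av global": "17:14:12  2012/03/24\n  Anti-Virus global switch : Enable\n"
                 "  Scan level               : 3\n  Max decompressable layer : 10\n",
    "interzone": "17:17:10  2012/03/24\n policy 0 (1137194 times matched)\n"
                 "  action permit\n  policy av av-policy\n",
    "license":   "17:25:55  2012/03/24\n Anti Virus: ENABLED\n\nexpire time:2012-06-15.\n",
    "bypass":    "17:28:12  2012/03/24\n  UTM bypass function is enabled.\n"
                 "  UTM bypass function is active at current.\n",
}

def captured_on(text):
    """Date taken from the timestamp line the device prints above each output."""
    stamp = re.search(r"\d{2}:\d{2}:\d{2}\s+(\d{4}/\d{2}/\d{2})", text).group(1)
    return datetime.strptime(stamp, "%Y/%m/%d").date()

def fields(text):
    """Turn 'key : value' lines into a dict (keys must start with a letter)."""
    pairs = re.findall(r"^[ \t]*([A-Za-z][^:\n]*?)[ \t]*:[ \t]*(\S.*)$", text, re.M)
    return {k: v.strip() for k, v in pairs}

def diagnose(capture):
    """Run the checks in the article's order; return findings (empty list = all clear)."""
    findings = []
    glob = fields(capture["av global"])
    if glob.get("Anti-Virus global switch") != "Enable":
        findings.append("step 1: AV global switch is not enabled")
    if not re.search(r"^\s*policy av \S+", capture["interzone"], re.M):
        findings.append("step 2: no AV policy referenced in the interzone policy")
    lic = re.search(r"Anti Virus:\s*(\w+)\s*expire time:\s*(\d{4}-\d{2}-\d{2})",
                    capture["license"])
    if not lic or lic.group(1) != "ENABLED":
        findings.append("step 5: AV license is not enabled")
    elif date.fromisoformat(lic.group(2)) < captured_on(capture["license"]):
        findings.append("step 5: AV license expired on " + lic.group(2))
    # "active" (not merely "enabled") means the device is passing traffic uninspected.
    if "bypass function is active" in capture["bypass"]:
        findings.append("step 6: UTM bypass is active (scan level %s, decompress layers %s)"
                        % (glob.get("Scan level"), glob.get("Max decompressable layer")))
    return findings

if __name__ == "__main__":
    for line in diagnose(CAPTURE) or ["all checks passed"]:
        print(line)
```

Only the step 6 finding is reported for the capture above, which matches the article: every other check passes, and the bypass state is what lets traffic through unscanned.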
