AR Router Troubleshooting Guide

This product documentation provides guidance for maintaining AR enterprise routers, covering common information collection and fault diagnostic commands, troubleshooting guides for typical faults, and troubleshooting.

How Do I Prohibit Users from Uploading and Downloading Data Through the Thunder and Web Disks (Using the Web Platform)?

Networking Requirements

An enterprise uses an AR as its egress gateway to connect to the Internet. The enterprise wants to prohibit employees from using Thunder and web disks to upload data to and download data from the office network, because data upload and download occupy network bandwidth and affect work efficiency.

Figure 29-95  Networking diagram for prohibiting upload and download

Prerequisites

Network configurations have been completed on devices and the license containing the value-added service package for security services has been loaded.

Procedure

  1. Enable value-added security services.

    Log in to the web platform and choose System Management > System Configuration > Service Management. The Service Management page is displayed. In the Service Management area, click Enabled in the line of Value-added security service. Click Apply to enable deep security according to Figure 29-96.

    Figure 29-96  Service management

  2. Configure a list of applications on which the network behavior management policy is to be applied.

    Choose Security > Network Behavior Management > Basic Configuration. The Basic Configuration page is displayed. On the Application List page, click Create. On the displayed page, configure the network behavior management rules according to Figure 29-97. Set Monitored subnet to Any. On the Application Protocol tab page, select Network_Storage, File_Sharing, and FileShare_P2P, set Control Mode to Deny, and Repeat Time to any.

    Figure 29-97  Creating an application

  3. Apply the network behavior management policy on the interface.

    Choose Security > Network Behavior Management > Basic Configuration. The Basic Configuration page is displayed. On the Function Setting page, click . On the displayed page, select the interface on which the network behavior management function needs to be applied according to Figure 29-98. For example, select GE0/0/1. Click to add GE0/0/1 to the selected interface list. Click OK.

    Figure 29-98  Selecting an interface

    Click Apply. The configuration of a network behavior management policy is completed according to Figure 29-99.

    Figure 29-99  Applying the network behavior management policy

  4. Apply the traffic policy in the inbound direction.

    Choose QoS > Traffic Management > Policy Application. The Policy Application page is displayed. In Policy Application List, click next to the interface to which a network behavior management policy is applied. On the Modify Policy Application page that is displayed, change the value of Direction to Inbound, and click OK, as shown in Figure 29-100.

    Figure 29-100  Modify Policy Application

Precautions

  1. This example uses an AR1220 running V200R007C00SPCb00.
  2. When the value-added security services are enabled, the system automatically loads the signature file for network behavior management from the system file to the device storage medium (flash memory, USB flash drive, or SD card). Therefore, the current storage medium must have sufficient available space. Based on the empirical value, the available space needs to be greater than 30 MB.
  3. If you want to apply the network behavior management policy to all users, apply the network behavior management function on a public network interface. If you want to apply the network behavior management policy to some specific IP addresses, apply the network behavior management function on an intranet interface and ensure that NAT outbound is not enabled on the intranet interface.
  4. You are advised to upgrade the network behavior management signature database to the latest version.
  5. To help you understand each protocol set, the following table provides some application examples for reference.

    For details, visit Huawei Security Center.

    Table 29-76  Protocol set categories and description

    | Name | Description | Application Example |
    |---|---|---|
    | Auth_Service | Service that provides safe and reliable identity authentication services online. | - |
    | Finance | Online banking and stock. | STongHuaShun and China Merchants Securities |
    | Data_Backup | Important tool for users to recover data and ensure the security and integrity of enterprise data. | cwRsync and SafeCopy |
    | Database | Application software designed to manage the data, providing storage, access, security, backup and other functions. | Oracle and MySQL |
    | Email | Application that enables users to write, send, and receive mails over the Internet. | GMail and OutLook |
    | Enterprise_Application | Software provided to meet the needs of enterprise application. | MS_Office_OneNote and Zoho_Login |
    | Internet_Conferencing | Application that allows users to share documents, make presentations, and hold meetings with others on a network. | - |
    | Remote_Access | Application that provides the remote access service, for example, the application software that allows one computer to access and control another computer. | TeamViewer and Telnet |
    | Game | Application provided on the Internet, enabling entertainment and communication using servers of game providers and computers of users. | WOW and QQGame |
    | Instant_Messaging | Application that allows two or more people on the network to transfer text messages, files, voice and video communication instantly on a network. | Skype_IM and ICQ_IM |
    | Media_Sharing | Sharing audio and video with others on a network. | Itunes and QQMusic |
    | Wireless | Application on mobile phones to support wireless network access. | Android_PushMessage |
    | Social_Networking | Website that supports communication between users who have the same interests and take part in the same activities on the Internet. | Facebook and Myspace |
    | VoIP | Application that enables users to make calls and transfer text, voice, and video at lower costs over an IP network. | WeiXin_VoIP and FaceTime |
    | Web_Posting | Discussion website. | - |
    | Browser_Plugin | Supplements and extensions to a web browser. | Adobe and Adobe Flash Player |
    | File_Sharing | Sharing files with others on the network. | XLKC and Zuploader |
    | IM_File_Transfer | Function of instant messaging software that enables file transfer between two or more users on a network. | QQ_Transfer and Outlook LAN Messenger |
    | Search_Engines | Application that automatically collects information from the Internet and provides it to users after analyzing and arranging the information. | Baidu and Google |
    | Software_Update | Upgrade of a software program using an upgrade patch downloaded from a network server. | Automatic update of Windows and McAfee |
    | Utility | Tools available on the Internet, such as the IP address location query tool. | Google_Map and 360softmanager |
    | Web_Content_Aggregate | Application that provides useful and specific information and resources on the Internet by manually sorting, analyzing, and classifying information. | - |
    | Web_Desktop | Browser-based virtual operating system, on which users can perform operations on application programs using web browsers. | Cloudo and Ghost software |
    | Web_Spider | Application that automatically collects specific information from the Internet. | URL Spider Pro and TurnitinBot |
    | Web_Browsing | Application that displays texts, images, videos, and other information using a web browser. | PandaReader and UCWeb |
    | Encrypted_Tunnel | Method of using a network tunneling protocol to transfer packets of another network protocol. | IPSec and L2TP |
    | Infrastructure | Collection of rules for communication between network devices, for example network servers and computers, which defines the formats of information that must be used during communication and meanings of the formats. Common infrastructure protocols include HTTP and DNS. | DHCP and DNS |
    | Ip_Protocol | IP layer protocol. | OSPF and MPLS |
    | Proxy | Network proxy service that allows one network terminal to establish an indirect connection with another network terminal, to guarantee privacy and security and prevent network attacks. | Http Proxy and Glype Proxy |
    | General_UDP | General UDP application. | Unclassified UDP traffic. |
    | General_TCP | General TCP application. | Unclassified TCP traffic. |
    | Other | Applications other than UDP and TCP applications. | - |
    | Electronic_Business | Business activities conducted on the Internet in compliance with laws and regulations. | TaoBao and Amazon |
    | File_Access | File access. | CuteFTP |
    | WebMail | Web mailbox. | - |
    | MicroBlog | Platform where users share, propagate, and obtain information based on relationships with other users. | - |
    | PeerCasting | Video transfer in point-to-point mode. | Souhu TV and BaiDuYingYin |
    | Web_Video | Video portal website. | - |
    | FileShare_P2P | Point-to-point model that allows users to share files on a network. | Thunder and BT |
    | Network_Storage | Web disk application. | Netease_DiskWeb and 360CloudWeb |
    | AppDownload | Application download. | AppStore and APPChina |
    | Attack | Network attack software. | - |
    | Network_Admin | Network management. | Corba and Finger |
    | News_Group | News group. | - |
    | CloudService | Cloud service. | Google application Engine |

  6. If the web platform of the EasyOperation edition is displayed after your login, as shown in Figure 29-101, click in the upper right corner to switch to the web page of the Classics edition.
    Figure 29-101  Login page of the web platform of the EasyOperation edition

Updated: 2019-05-10

Document ID: EDOC1000079719