No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


AR Router Troubleshooting Guide

This Product Documentation provides guidance for maintaining AR Enterprise Router, covering common information collection and fault diagnostic commands, typical fault troubleshooting guide, and troubleshooting.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
How Do I Prohibit Users from Uploading and Downloading Data Through the Thunder and Web Disks (Using the Web Platform)?

How Do I Prohibit Users from Uploading and Downloading Data Through the Thunder and Web Disks (Using the Web Platform)?

Networking Requirements

An AR is used by an enterprise as the egress gateway and connects to the Internet. The enterprise wants to prohibit employees from using the Thunder and web disks to upload data to and download data from the office network since data upload and download occupy the network bandwidth and affects the work efficiency.

Figure 29-95  Networking diagram for prohibiting upload and download


Network configurations have been completed on devices and the license containing the value-added service package for security services has been loaded.


  1. Enable value-added security services.

    Log in to the web platform and choose System Management > System Configuration > Service Management. The Service Management page is displayed. In the Service Management area, click Enabled in the line of Value-added security service. Click Apply to enable deep security according to Figure 29-96.

    Figure 29-96  Service management

  2. Configure a list of applications on which the network behavior management policy is to be applied.

    Choose Security > Network Behavior Management > Basic Configuration. The Basic Configuration page is displayed. On the Application List page, click Create. On the displayed page, configure the network behavior management rules according to Figure 29-97. Set Monitored subnet to Any. On the Application Protocol tab page, select Network_Storage, File_Sharing, and FileShare_P2P, set Control Mode to Deny, and Repeat Time to any.

    Figure 29-97  Creating an application

  3. Apply the network behavior management policy on the interface.

    Choose Security > Network Behavior Management > Basic Configuration. The Basic Configuration page is displayed. On the Function Setting page, click . On the displayed page, select the interface on which the network behavior management function needs to be applied according to Figure 29-98. For example, select GE0/0/1. Click to add GE0/0/1 to the selected interface list. Click OK.

    Figure 29-98  Selecting an interface

    Click Apply. The configuration of a network behavior management policy is completed according to Figure 29-99.

    Figure 29-99  Applying the network behavior management policy

  4. Apply the traffic policy in the inbound direction.

    Choose QoS > Traffic Management > Policy Application. The Policy Application page is displayed. In Policy Application List, click next to the interface to which a network behavior management policy is applied. On the Modify Policy Application page that is displayed, change the value of Direction to Inbound, and click OK, as shown in Figure 29-100.

    Figure 29-100  Modify Policy Application


  1. This example uses an AR1220 running V200R007C00SPCb00.
  2. When the value-added security services are enabled, the system automatically loads the signature file for network behavior management from the system file to the device storage medium (flash memory, USB flash drive, or SD card). Therefore, the current storage medium must have sufficient available space. Based on the empirical value, the available space needs to be greater than 30 MB.
  3. If you want to apply the network behavior management policy to all users, apply the network behavior management function on a public network interface. If you want to apply the network behavior management policy to some specific IP addresses, apply the network behavior management function on an intranet interface and ensure that NAT outbound is not enabled on the intranet interface.
  4. You are advised to upgrade the network behavior management signature database to the latest version.
  5. For your better understanding, some application examples are provided for each protocol set for reference in the following table.

    For details, visit Huawei Security Center.

    Table 29-76  Protocol set categories and description



    Application Example


    Service that provides safe and reliable identity authentication services online.



    Online banking and stock.

    STongHuaShun and China Merchants Securities


    Important tool for users to recovery data and ensures the security and integrity of enterprise data.

    cwRsync and SafeCopy


    Application software designed to manage the data, providing storage, access, security, backup and other functions.

    Oracle and MySQL


    Application that enables users to write, send, and receive mails over the Internet.

    GMail and OutLook


    Software provided to meet the needs of enterprise application.

    MS_Office_OneNote and Zoho_Login


    Application that allows users to share documents, make presentations, and hold meetings with others on a network.



    Application that provides the remote access service, for example, the application software that allows one computer to access and control another computer.

    TeamViewer and Telnet


    Application provided on the Internet, enabling entertainment and communication using servers of game providers and computers of users.

    WOW and QQGame


    Application that allows two or more people on the network to transfer text messages, files, voice and video communication instantly on a network.

    Skype_IM and ICQ_IM


    Sharing audio, video with others on a network.

    Itunes and QQMusic


    Application on mobile phones to support wireless network access.



    Website that supports communication between users with the same interests and taking part in same activities on the Internet.

    Facebook and Myspace


    Application that enables users to make calls and transfer text, voice, and video at lower costs over an IP network.

    WeiXin_VoIP and FaceTime


    Discussion website.



    Supplements and extensions to a web browser.

    Adobe and Adobe Flash Player


    Sharing files with others on the network.

    XLKC and Zuploader


    Function of instant messaging software that enables file transfer between two or more users on a network.

    QQ_Transfer and Outlook LAN Messenger


    Application that automatically collects information from the Internet and provides it to users after analyzing and arranging the information.

    Baidu and Google


    Upgrade of a software program using an upgrade patch downloaded from a network server.

    Automatic update of Windows and McAfee


    Tools available on the Internet, such as the IP address location query tool.

    Google_Map and 360softmanager


    Application that provides useful and specific information and resources on the Internet by manually sorting, analyzing, and classifying information.



    Browser-based virtual operating system, on which users can perform operations on application programs using web browsers.

    Cloudo and Ghost software


    Application that automatically collects specific information from the Internet.

    URL Spider Pro and TurnitinBot


    Application that displays texts, images, videos, and other information using a web browser.

    PandaReader and UCWeb


    Method of using a network tunneling protocol to transfer packets of another network protocol.

    IPSec and L2TP


    Collection of rules for communication between network devices, for example network servers and computers, which defines the formats of information that must be used during communication and meanings of the formats. Common infrastructure protocols include HTTP and DNS.

    DHCP and DNS


    IP layer protocol.

    OSPF and MPLS


    Network proxy service that allows one network terminal to establish an indirect connection with another network terminal, to guarantee privacy and security and prevent network attacks.

    Http Proxy and Glype Proxy


    General UDP application.

    Unclassified UDP traffic.


    General TCP application.

    Unclassified TCP traffic.


    Applications other than UDP and TCP applications.



    Business activities conducted on the Internet in compliance with laws and regulations.

    TaoBao and Amazon


    File access.



    Web mailbox.



    Platform where users share, propagate, and obtain information based on relationships with other users.



    Video transfer in point-to-point mode.

    Souhu TV and BaiDuYingYin


    Video portal website.



    Point-to-point model that allows users to share files on a network.

    Thunder and BT


    Web disk application.

    Netease_DiskWeb and 360CloudWeb


    Application download.

    AppStore and APPChina


    Network attack software.



    Network management.

    Corba and Finger


    News group.



    Cloud service.

    Google application Engine

  6. If the web platform of the EasyOperation edition is displayed after your login, as shown in Figure 29-101, click in the upper right corner to switch to the web page of the Classics edition.
    Figure 29-101  Login page of the web platform of the EasyOperation edition

Updated: 2019-05-10

Document ID: EDOC1000079719

Views: 454577

Downloads: 4316

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Previous Next