CLI-based Configuration Guide - QoS

AR100-S, AR110-S, AR120-S, AR150-S, AR160-S, AR200-S, AR1200-S, AR2200-S, and AR3200-S V200R009

Upgrading the SAC Signature File

Context

You can upgrade the signature file using the following methods:
  • Online upgrade
    • If the device can access the security center platform, you can upgrade the signature file through the security center platform.
    • If the device cannot access the security center platform, you can upgrade the signature file through the internal upgrade server.
      1. Ensure that the internal upgrade server can normally access the security center platform.
      2. Ensure that there are reachable routes between the device and the internal upgrade server.
  • Local upgrade

    When the device cannot connect to the security center platform over the network, log in to the security center platform to download the upgrade package, and then upload the signature file to the device through FTP or TFTP to upgrade the SAC signature file.

After the SAC signature file is upgraded, the new file may change the categories of application groups and application protocols. If the device has configuration based on application groups, some services may become unavailable. Run the display sa category command to check the categories in the new signature file and the display application command to check information about applications, and then adjust the configuration accordingly.

Procedure

  • Perform an online upgrade.
    1. Run system-view
    2. (Optional) Run update server { domain domain-name | ip ip-address } [ port port-number ]
    3. (Optional) Visit the upgrade server through the proxy server.

      1. Run update proxy enable

        The signature file proxy upgrade function is enabled.

        By default, the signature file proxy upgrade function is disabled.

      2. Run update proxy { domain domain-name | ip ip-address } [ port port-number ] [ user user-name [ password password ] ]

        The IP address or domain name of the proxy server is configured.

    4. (Optional) Run update online-mode { http | https }

      The online update mode of the signature database is set.

      By default, the online update is in HTTPS mode.

      Update in HTTP mode is risky, and update in HTTPS mode is recommended. To perform update in HTTP mode, you must strictly restrict security policy matching conditions.

    5. Determine an online upgrade mode.

      • Online upgrade through the security center platform

        To ensure that the device can access the security center platform, configure DNS.

        1. Run dns resolve

          Dynamic DNS resolution is enabled.

        2. Run dns server ip-address

          An IP address is configured for the DNS server.

    6. Scheduled upgrade

      1. Run update schedule sa-sdb enable

        The scheduled upgrade function of the SAC signature file is enabled.

        By default, the scheduled online upgrade function of the SAC signature file is enabled.

      2. Run update schedule [ { daily | weekly { Mon | Tue | Wed | Thu | Fri | Sat | Sun } } time ]

        The fixed online upgrade time of the SAC signature file is set.

        If no fixed upgrade time is set, a time between 22:00 and 08:00 is selected randomly as the daily upgrade time by default.

        It is recommended that you set time to the time when the device has the minimum traffic volume, for example, 6:00 am.

      3. Set the installation mode of the SAC signature file.

        An SAC signature file can take effect only after being installed on a device. You can select the installation mode, that is, whether confirmation is needed. If you select the confirmation mode, the device asks you whether to install the SAC signature file before the upgrade is performed.

        Installing the new SAC signature file overwrites the old one and interrupts services during the process, so you are advised to enable installation confirmation and install the file when there is less impact on services.

        • Installation after confirmation
          1. Run update confirm sa-sdb enable

            The installation confirmation function is enabled. The upgrade file downloaded at a fixed time will be installed after confirmation.

            By default, the automatic installation confirmation function of all signature databases is disabled. The upgrade file downloaded at a fixed time will be installed automatically.

          2. Run update apply sa-sdb

            The downloaded upgrade file is installed.

        • Installation without confirmation

          Run undo update confirm sa-sdb enable

          The installation confirmation function is disabled. The upgrade file downloaded at a fixed time will be installed automatically without confirmation.

    7. (Optional) Immediate upgrade

      • Generally, a scheduled upgrade meets service requirements. If you need to upgrade before the scheduled upgrade time is reached, you can perform an immediate upgrade.

        1. Run update online sa-sdb

          The SAC signature database is upgraded immediately.

        2. Run update apply sa-sdb

          The downloaded upgrade file is installed.

  • Terminate the upgrade.

    After the upgrade is started, if many network resources are occupied, you can terminate the upgrade.

    The update can be terminated only during file downloading.

    1. Run system-view

      The system view is displayed.

    2. Run update abort

      The upgrade is terminated.

  • Perform a version rollback.

    If an error occurs after the upgrade or the new SAC signature file does not meet requirements, use this command to roll back the version of the SAC signature file.

    Before the version rollback, you are advised to run the display version sa-sdb command to check the rollback version and then decide whether to perform the rollback. If no rollback version is available, the version rollback fails and the version on the device remains unchanged.

    1. Run system-view

      The system view is displayed.

    2. Run update rollback sa-sdb

      The SAC signature file version is rolled back.

  • Perform a local upgrade.

    1. Run system-view

      The system view is displayed.

    2. Run update local sa-sdb file filename

      The SAC signature file is upgraded locally.

      Terminating the upgrade is not supported during a local upgrade.

  • Restore the version.

    If the signature file is restored to the factory default version, all other versions on the device are deleted.

    1. Run system-view

      The system view is displayed.

    2. Run update restore sdb-default sa-sdb

      The SAC signature file is restored to the factory default version.

Verifying the Configuration

  • Run the display engine information command to check the engine status and the version of all signature files.
  • Run the display version sa-sdb command to check version information of the SAC signature file.
  • Run the display update status command to check the upgrade status.
  • Run the display update configuration command to check the upgrade configuration.
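
The online upgrade procedure above as one session, added here as an example that is not part of the original guide: HTTPS transport, a weekly schedule, installation after confirmation, then verification and the rollback check. The device name Huawei, the DNS address 192.0.2.53, the Sunday 06:00 slot and the hh:mm time format are assumptions; lines starting with # are annotations for the reader, not commands.

```text
# Annotated session (constructed example). Lines starting with "#" are notes.
<Huawei> system-view

# HTTPS is the default; set it explicitly so the device is not left in HTTP mode.
[Huawei] update online-mode https

# Name resolution so the device can reach the security center platform.
# 192.0.2.53 is a placeholder for your DNS server.
[Huawei] dns resolve
[Huawei] dns server 192.0.2.53

# Scheduled download at a low-traffic time (hh:mm format is an assumption).
[Huawei] update schedule sa-sdb enable
[Huawei] update schedule weekly Sun 06:00

# Hold the downloaded file until an operator confirms installation.
[Huawei] update confirm sa-sdb enable

# Review the resulting settings and the currently installed version.
[Huawei] display update configuration
[Huawei] display version sa-sdb

# In the maintenance window: check the download, install, then verify.
[Huawei] display update status
[Huawei] update apply sa-sdb
[Huawei] display engine information
[Huawei] display version sa-sdb

# If services based on application groups break after installation,
# inspect the new categories and applications and adjust the configuration.
[Huawei] display sa category
[Huawei] display application

# Otherwise roll back, after confirming that a rollback version exists.
[Huawei] display version sa-sdb
[Huawei] update rollback sa-sdb
```
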
Updated: 2019-12-27

Document ID: EDOC1000174115
