No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Fat AP and Cloud AP V200R008C00 CLI-based Configuration Guide

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring URL Filtering

Configuring URL Filtering

Enabling the Defense Engine

Context

After the defense engine is enabled, the system automatically loads the default signature database.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    defence engine enable

    The defense engine is enabled.

    By default, the defense engine is disabled.

Creating an Attack Defense Profile

Context

As the network develops continuously, there are various types of potential risks such as Trojan horses, worms, and viruses in packets. After an attack defense profile is created, various security functions are available, such as URL filtering, intrusion prevention, and antivirus.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    defence-profile name profile-name

    An attack defense profile is created and the attack defense profile view is displayed.

    By default, no attack defense profile is created.

Configuring URL Filtering Profile

The profile of URL filtering defines actions for URLs matching the blacklist and whitelist to allow or block access to the URLs.

Context

The priority of the whitelist is higher than that of the blacklist. The application scenarios of the blacklist and whitelist are as follows:

  • Blacklist

    During working hours, online behavior can be managed and access to entertainment, game, and video websites must be blocked to improve work efficiency and optimize network bandwidths.

    You can configure a URL blacklist to prevent users from accessing the specified URLs.

  • Whitelist

    You may choose to exempt certain websites from filtering.

    You can configure a URL whitelist to allow users to access the specified URLs.

The Central AP has a default URL filtering profile named default. In the default profile, the default action is permit. You cannot modify or delete the default profile.

Procedure

  1. Access the system view.

    system-view

  2. Optional: Enable encrypted traffic consistency check.

    url-filter https-filter consistency-check enable

    By default, this function is disabled.

  3. Create a URL filtering profile and enters the URL filtering profile view.

    profile type url-filter name name

  4. Configure the description of a URL filtering profile.

    description description

  5. Add blacklist and whitelist rules to the URL filtering profile.

    add { blacklist | whitelist } { url url-text | host host-text }

  6. Set the default action.

    default action { allow | block | alert }

    The default action for a URL filtering profile is allow.

    If the URL does not match any blacklist, whitelist, or URL category in the local cache, the Central AP will take the default action.

  7. Return to the system view, commit the profile.

    engine configuration commit

    The new or modified URL filtering profile does not take effect until you run the engine configuration commit command to commit the configuration. To save time, you can commit changes after all changes are made.

Follow-up Procedure

  • In the URL filtering profile view, rename an existing URL filtering profile and display the new profile view.

    rename new-name

  • In the system view, create a URL filtering profile (by cloning an existing one) and display the view of the new URL filtering profile.

    profile type url-filter copy old-name [ new-name ]

  • In any view, display information about URL filtering profiles.

    display profile type url-filter name name [ blacklist [ url url-text | host host-text ] | whitelist [ url url-text | host host-text ] ]

  • In any view, display statistics on URL filtering.

    display url-filter statistics

  • In the user view, clear statistics on URL filtering.

    reset url-filter statistics { blacklist | whitelist | all }

Applying the Configuration

Context

After a URL filtering profile is created, you need to bind it to an attack defense profile and then bind the attack defense profile to a VAP profile, user group, or interface to make the application take effect.

Procedure

  1. Bind a URL filtering profile to an attack defense profile.
    1. Run the system-view command to enter the system view.
    2. Run the defence-profile name profile-name command to enter the attack defense profile view.
    3. Run the profile type url-filter name command to bind a URL filtering profile to an attack defense profile.

      By default, no URL filtering profile is bound to an attack defense profile.

    4. Run the quit command to return to the system view.
  2. Bind the attack defense profile to a VAP profile, or a user group.

    • VAP profile:

      1. Run the wlan command to enter the WLAN view.
      2. Run the vap-profile name profile-name command to enter the VAP profile view.
      3. Run the defence-profile profile-name command to bind the attack defense profile to a VAP profile.

        By default, no attack defense profile is bound to a VAP profile.

    • User group:

      1. Run the user-group group-name command to enter the user group view.
      2. Run the defence-profile profile-name command to bind the attack defense profile to a user group.

        By default, no attack defense profile is bound to a user group.

    • Interface:

      1. Run the interface interface-type interface-number command to enter the interface view.
      2. Run the defence-profile profile-name command to bind the attack defense profile to an interface.

        By default, no attack defense profile is bound to an interface.

Checking the Configuration
  • Run the display defence-profile { all | name profile-name } command to check information about the attack defense profile.
  • Run the display references defence-profile name profile-name command to check reference information about the attack defense profile.
Translation
Download
Updated: 2019-01-11

Document ID: EDOC1000176006

Views: 117678

Downloads: 309

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next