No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NETCONF YANG API Reference

AR100, AR120, AR160, AR1200, AR2200, AR3200, and AR3600 V300R003

NETCONF YANG API Reference
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Intrusion Prevention System

Intrusion Prevention System

Data Model

The data model file matching the Intrusion Prevention System (IPS) profile is huawei-intrusion-prevention.yang.

Table 3-1307 IPS data model

Object

Description

ips-config

Indicates that the operation request object is an IPS profile. It is only used to contain sub-objects, but does not have any data meaning.

ips-config/user-defined-ips

Indicates that the operation request object is a user-defined IPS profile. It is only used to contain sub-objects, but does not have any data meaning.

ips-config/user-defined-ips/vsys

Indicates that the operation request object is the system. It is only used to contain sub-objects, but does not have any data meaning.

ips-config/user-defined-ips/vsys/name

Indicates the name of the system. The value is a string of characters.

ips-config/user-defined-ips/vsys/profiles

Indicates that the operation request object is all user-defined IPS profiles. It is only used to contain sub-objects, but does not have any data meaning.

ips-config/user-defined-ips/vsys/profiles/profile

Indicates that the operation request object is the current user-defined IPS profile. It is only used to contain sub-objects, but does not have any data meaning.

ips-config/user-defined-ips/vsys/profiles/profile/name

Indicates the name of an IPS profile. The value is a string of case-sensitive characters.

  • If the name does not contain spaces, the value is a string of 1 to 32 characters.
  • If the name contains spaces, the value is a string of 3 to 34 characters, and the name must be enclosed with double quotation marks (""), for example, "user for test". The name cannot contain question marks (?), commas (,), double quotation marks ("), and hyphens (-).
NOTE:

This object cannot be deleted.

ips-config/user-defined-ips/vsys/profiles/profile/description

Indicates the description of an IPS profile. The value is a string of 1 to 128 case-sensitive characters with spaces supported.

ips-config/user-defined-ips/vsys/profiles/profile/collect-attack-evidence-enable

Indicates whether to enable attack evidence collection in the IPS profile.

  • true: Attack evidence collection is enabled.
  • false: Attack evidence collection is disabled.

    By default, attack evidence collection is disabled.

ips-config/user-defined-ips/vsys/profiles/profile/command-and-control-domain-filter

Indicates that the operation request object is malicious domain name detection. It is only used to contain sub-objects, but does not have any data meaning.

ips-config/user-defined-ips/vsys/profiles/profile/command-and-control-domain-filter/domain-filter-enable

Indicates whether to enable malicious domain name detection in the IPS profile.

  • true: Malicious domain name detection is enabled.
  • false: Malicious domain name detection is disabled.

    By default, malicious domain name detection is disabled.

ips-config/user-defined-ips/vsys/profiles/profile/command-and-control-domain-filter/action

Indicates the action taken during malicious domain name detection.

Two options are available: alert (default) and block.

NOTE:

This object cannot be deleted. It is valid only when the domain-filter-enable object is set to true.

ips-config/user-defined-ips/vsys/profiles/profile/associated-check-enable

Indicates whether to enable associated check in the IPS profile.

  • true: Associated check is enabled.
  • false: Associated check is disabled.

    By default, associated check is enabled.

ips-config/user-defined-ips/vsys/profiles/profile/signature-sets

Indicates that the operation request object is a signature filter set. It is only used to contain sub-objects, but does not have any data meaning.

ips-config/user-defined-ips/vsys/profiles/profile/signature-sets/signature-set

Indicates that the operation request object is the current signature filter. It is only used to contain sub-objects, but does not have any data meaning.

ips-config/user-defined-ips/vsys/profiles/profile/signature-sets/signature-set/name

Indicates the name of a signature filter. The value is a string of case-sensitive characters.

  • If the name does not contain spaces, the value is a string of 1 to 32 characters.
  • If the name contains spaces, the value is a string of 3 to 34 characters, and the name must be enclosed with double quotation marks (""), for example, "user for test". The name cannot contain question marks (?), commas (,), double quotation marks ("), and hyphens (-).
NOTE:

This object cannot be deleted.

ips-config/user-defined-ips/vsys/profiles/profile/signature-sets/signature-set/signature-set-action

Indicates that the operation request object is the action filtering condition in a signature filter set. It is only used to contain sub-objects, but does not have any data meaning.

ips-config/user-defined-ips/vsys/profiles/profile/signature-sets/signature-set/signature-set-action/action

Indicates the signature action filtering condition in a signature filter.

Two options are available: alert and block.

By default, the action of the signature filter is default-type. That is, the signature filter uses the action of each signature to process packets.

ips-config/user-defined-ips/vsys/profiles/profile/signature-sets/signature-set/application

Indicates the application filtering condition in a signature filter. It is only used to contain sub-objects, but does not have any data meaning.

ips-config/user-defined-ips/vsys/profiles/profile/signature-sets/signature-set/application/all-application

Indicates that the application filtering condition in a signature filter is "all applications".

  • true: The filtering condition is "all applications".
  • false: The filtering condition is not "all applications".
NOTE:

This object cannot be deleted.

ips-config/user-defined-ips/vsys/profiles/profile/signature-sets/signature-set/application/specifed-application

Indicates that the application filtering condition in a signature filter is "specified application". The value is a string of characters, which is the name of the specified application. If no specific application is configured, the system does not filter application names.

ips-config/user-defined-ips/vsys/profiles/profile/signature-sets/signature-set/target

Indicates the target filtering condition in a signature filter.

  • client: The target is the client.
  • server: The target is the server.
  • both: The target is both the client and server.

    By default, no target is specified in an IPS signature filter.

ips-config/user-defined-ips/vsys/profiles/profile/signature-sets/signature-set/severity

Indicates the severity filtering condition in a signature filter.

  • high: The signatures with a high severity will be filtered.
  • medium: The signatures with a medium severity will be filtered.
  • low: The signatures with a low severity will be filtered.
  • information: The signatures with the severity being information will be filtered.

    By default, no severity is specified in an IPS signature filter.

ips-config/user-defined-ips/vsys/profiles/profile/signature-sets/signature-set/operating-system

Indicates the operating system filtering condition in a signature filter. The options are android, ios, unix-like, windows, and other.

By default, no operating system is specified in an IPS signature filter.

ips-config/user-defined-ips/vsys/profiles/profile/signature-sets/signature-set/protocol

Indicates the protocol filtering condition in a signature filter. It is only used to contain sub-objects, but does not have any data meaning.

ips-config/user-defined-ips/vsys/profiles/profile/signature-sets/signature-set/protocol/all-protocol

Indicates that the protocol filtering condition in a signature filter is "all protocols".

  • true: The filtering condition is "all protocols".
  • false: The filtering condition is not "all protocols".
NOTE:

This object cannot be deleted.

ips-config/user-defined-ips/vsys/profiles/profile/signature-sets/signature-set/protocol/specifed-protocol

Indicates that the protocol filtering condition in a signature filter is "specified protocol". The value is a string of characters, specifying a protocol. If no specific protocol is configured, the system does not filter protocols.

ips-config/user-defined-ips/vsys/profiles/profile/signature-sets/signature-set/category

Indicates the intrusion category filtering condition in a signature filter. It is only used to contain sub-objects, but does not have any data meaning.

ips-config/user-defined-ips/vsys/profiles/profile/signature-sets/signature-set/category/all-category

Indicates that the intrusion category filtering condition in a signature filter is "all intrusion categories".

  • true: The filtering condition is "all intrusion categories".
  • false: The filtering condition is not "all intrusion categories".
NOTE:

This object cannot be deleted.

ips-config/user-defined-ips/vsys/profiles/profile/signature-sets/signature-set/category/specifed-category

Indicates the specified intrusion category filtering condition in a signature filter. It is only used to contain sub-objects, but does not have any data meaning.

ips-config/user-defined-ips/vsys/profiles/profile/signature-sets/signature-set/category/specifed-category/name

Indicates that the intrusion category filtering condition in a signature filter is "specified intrusion category name". The value is a string of characters, which is the name of the specified category. If no specific intrusion category is configured, the system does not filter intrusion categories.

ips-config/user-defined-ips/vsys/profiles/profile/signature-sets/signature-set/category/specifed-category/all-sub-category

Indicates whether the filtering condition is all sub-categories under the current intrusion category.

  • true: The filtering condition is all sub-categories under the current intrusion category.
  • false: The filtering condition is not all sub-categories under the current intrusion category.
NOTE:

This object cannot be deleted.

ips-config/user-defined-ips/vsys/profiles/profile/signature-sets/signature-set/category/specifed-category/sub-category

Indicates the filtering condition about sub-categories under the current specified intrusion category in a signature filter. It is only used to contain sub-objects, but does not have any data meaning.

ips-config/user-defined-ips/vsys/profiles/profile/signature-sets/signature-set/category/specifed-category/sub-category/name

Indicates that the intrusion category filtering condition in a signature filter is "sub-category name under specified intrusion category". The value is a string of characters, which is the name of the specified sub-category.

ips-config/user-defined-ips/vsys/profiles/profile/exception-signatures

Indicates that the operation request object is an exception signature set. It is only used to contain sub-objects, but does not have any data meaning.

ips-config/user-defined-ips/vsys/profiles/profile/exception-signatures/exception-signature

Indicates that the operation request object is an exception signature. It is only used to contain sub-objects, but does not have any data meaning.

ips-config/user-defined-ips/vsys/profiles/profile/exception-signatures/exception-signature/id

Indicates the ID of an exception signature. The value is an integer that ranges from 1 to 16777215.

NOTE:
  • The signature ID must exist.
  • This object cannot be deleted.

ips-config/user-defined-ips/vsys/profiles/profile/exception-signatures/exception-signature/action

Indicates the action of an exception signature.

Four options are available: allow, alert, and block.

ips-config/user-defined-ips/vsys/profiles/profile/protocol-controlling

Indicates that the operation request object is the protocol control information in an IPS profile. It is only used to contain sub-objects, but does not have any data meaning.

ips-config/user-defined-ips/vsys/profiles/profile/protocol-controlling/dns-check

Indicates that the operation request object is the DNS control information in an IPS profile. It is only used to contain sub-objects, but does not have any data meaning.

ips-config/user-defined-ips/vsys/profiles/profile/protocol-controlling/dns-check/malformed-packet-action

Indicates the action to be taken when the DNS protocol format is abnormal.

Two options are available: alert and block.

ips-config/user-defined-ips/vsys/profiles/profile/protocol-controlling/dns-check/request-type-default-action

Indicates the default action for the DNS request type.

Three options are available: allow, alert, and block.

NOTE:

This object cannot be deleted.

ips-config/user-defined-ips/vsys/profiles/profile/protocol-controlling/dns-check/request-type

Indicates that the operation request object is the DNS request type. It is only used to contain sub-objects, but does not have any data meaning.

ips-config/user-defined-ips/vsys/profiles/profile/protocol-controlling/dns-check/request-type/start-type

Indicates the start DNS request type in the specified request type range. The value is an integer that ranges from 0 to 65535.

NOTE:
  • This object cannot be deleted.
  • If you only set start-type, the value of end-type must be the same as that of start-type.

ips-config/user-defined-ips/vsys/profiles/profile/protocol-controlling/dns-check/request-type/end-type

Indicates the end DNS request type in the specified request type range. The value is an integer that ranges from 0 to 65535.

NOTE:
  • This object cannot be deleted and its value cannot be changed.
  • If you only set start-type, the value of end-type must be the same as that of start-type.

ips-config/user-defined-ips/vsys/profiles/profile/protocol-controlling/dns-check/request-type/action

Indicates the action for the specified DNS request type range.

Three options are available: allow, alert, and block.

NOTE:

This object cannot be deleted.

ips-config/user-defined-ips/vsys/profiles/profile/protocol-controlling/http-check

Indicates that the operation request object is the HTTP control information in an IPS profile. It is only used to contain sub-objects, but does not have any data meaning.

ips-config/user-defined-ips/vsys/profiles/profile/protocol-controlling/http-check/multi-host-action

Indicates the action to be taken when the HTTP header field contains multiple hosts.

Two options are available: alert and block.

ips-config/user-defined-ips/vsys/profiles/profile/protocol-controlling/http-check/ssh-over-http-action

Indicates the action for SSH over HTTP.

Two options are available: alert and block.

ips-config/user-defined-ips/vsys/profiles/profile/protocol-controlling/http-check/x-online-host

Indicates that the operation request object is the X-Online-Host field in HTTP. It is only used to contain sub-objects, but does not have any data meaning.

ips-config/user-defined-ips/vsys/profiles/profile/protocol-controlling/http-check/x-online-host/check-type-action

Indicates that the operation request object is the detection condition and action for the X-Online-Host field in HTTP. It is only used to contain sub-objects, but does not have any data meaning.

ips-config/user-defined-ips/vsys/profiles/profile/protocol-controlling/http-check/x-online-host/check-type-action/type

Indicates the condition for detecting the X-Online-Host field in HTTP.

  • any: The condition for detecting the X-Online-Host field is that any field to be detected exists.
  • multiple: The condition for detecting the X-Online-Host field is that multiple fields to be detected exist.
  • blacklist: The detection condition is blacklist.
NOTE:

This object cannot be deleted.

ips-config/user-defined-ips/vsys/profiles/profile/protocol-controlling/http-check/x-online-host/check-type-action/action

Indicates the action to be taken for the X-Online-Host field in HTTP.

Two options are available: alert and block.

NOTE:

This object cannot be deleted.

ips-config/user-defined-ips/vsys/profiles/profile/protocol-controlling/http-check/x-online-host/blacklist

Indicates the domain name or IP address corresponding to the blacklist.

ips-config/user-defined-ips/vsys/profiles/profile/protocol-controlling/http-check/x-forwarded-for

Indicates that the operation request object is the X-Forwarded-For field in HTTP. It is only used to contain sub-objects, but does not have any data meaning.

ips-config/user-defined-ips/vsys/profiles/profile/protocol-controlling/http-check/x-forwarded-for/check-type-action

Indicates that the operation request object is the detection condition and action for the X-Forwarded-For field in HTTP. It is only used to contain sub-objects, but does not have any data meaning.

ips-config/user-defined-ips/vsys/profiles/profile/protocol-controlling/http-check/x-forwarded-for/check-type-action/type

Indicates the condition for detecting the X-Forwarded-For field in HTTP.

  • any: The condition for detecting the X-Forwarded-For field is that any field to be detected exists.
  • whitelist: The detection condition is whitelist.
NOTE:

This object cannot be deleted.

ips-config/user-defined-ips/vsys/profiles/profile/protocol-controlling/http-check/x-forwarded-for/check-type-action/action

Indicates the action to be taken for the X-Forwarded-For field in HTTP.

Two options are available: alert and block.

NOTE:

This object cannot be deleted.

ips-config/user-defined-ips/vsys/profiles/profile/protocol-controlling/http-check/x-forwarded-for/whitelist

Indicates the IP address corresponding to the whitelist. Only IPv4 addresses are supported.

ips-state

Indicates that the operation request object is an IPS profile. It is only used to contain sub-objects, but does not have any data meaning.

ips-state/user-defined-ips

Indicates that the operation request object is a user-defined IPS profile. It is only used to contain sub-objects, but does not have any data meaning.

ips-state/user-defined-ips/vsys

Indicates that the operation request object is the system. It is only used to contain sub-objects, but does not have any data meaning.

ips-state/user-defined-ips/vsys/name

Indicates the name of the system. The value is a string of characters.

ips-state/user-defined-ips/vsys/profiles

Indicates that the operation request object is all IPS profiles. It is only used to contain sub-objects, but does not have any data meaning.

ips-state/user-defined-ips/vsys/profiles/profile

Indicates that the operation request object is the current IPS profile. It is only used to contain sub-objects, but does not have any data meaning.

ips-state/user-defined-ips/vsys/profiles/profile/name

Indicates the name of an IPS profile. The value is a string of case-sensitive characters.

  • If the name does not contain spaces, the value is a string of 1 to 32 characters.
  • If the name contains spaces, the value is a string of 3 to 34 characters, and the name must be enclosed with double quotation marks (""), for example, "user for test". The name cannot contain question marks (?), commas (,), double quotation marks ("), and hyphens (-).

ips-state/user-defined-ips/vsys/profiles/profile/reference-count

Indicated the number of times that an IPS profile is referenced by a security policy.

ips-state/default-profiles

Indicates that the operation request object is all predefined IPS profiles. It is only used to contain sub-objects, but does not have any data meaning.

ips-state/default-profiles/profile

Indicates that the operation request object is the current predefined IPS profile. It is only used to contain sub-objects, but does not have any data meaning.

ips-state/default-profiles/profile/name

Indicates the name of an IPS profile. The value is a string of case-sensitive characters.

  • If the name does not contain spaces, the value is a string of 1 to 32 characters.
  • If the name contains spaces, the value is a string of 3 to 34 characters, and the name must be enclosed with double quotation marks (""), for example, "user for test". The name cannot contain question marks (?), commas (,), double quotation marks ("), and hyphens (-).

ips-state/default-profiles/profile/description

Indicates the description of an IPS profile. The value is a string of 1 to 128 case-sensitive characters with spaces supported.

ips-state/default-profiles/profile/signature-sets

Indicates that the operation request object is a signature filter set. It is only used to contain sub-objects, but does not have any data meaning.

ips-state/default-profiles/profile/signature-sets/signature-set

Indicates that the operation request object is the current signature filter. It is only used to contain sub-objects, but does not have any data meaning.

ips-state/default-profiles/profile/signature-sets/signature-set/name

Indicates the name of a signature filter. The value is a string of case-sensitive characters.

  • If the name does not contain spaces, the value is a string of 1 to 32 characters.
  • If the name contains spaces, the value is a string of 3 to 34 characters, and the name must be enclosed with double quotation marks (""), for example, "user for test". The name cannot contain question marks (?), commas (,), double quotation marks ("), and hyphens (-).

ips-state/default-profiles/profile/signature-sets/signature-set/action

Indicates the signature action filtering condition in a signature filter.

Two options are available: alert and block.

By default, the action of the signature filter is default-type. That is, the signature filter uses the action of each signature to process packets.

ips-state/default-profiles/profile/signature-sets/signature-set/application

Indicates the application filtering condition in a signature filter. It is only used to contain sub-objects, but does not have any data meaning.

ips-config/user-defined-ips/vsys/profiles/profile/signature-sets/signature-set/application/all-application

Indicates that the application filtering condition in a signature filter is "all applications".

  • true: The filtering condition is "all applications".
  • false: The filtering condition is not "all applications".

ips-state/default-profiles/profile/signature-sets/signature-set/application/specifed-application

Indicates that the application filtering condition in a signature filter is "specified application". The value is a string of characters, which is the name of the specified application. If no specific application is configured, the system does not filter application names.

ips-state/default-profiles/profile/signature-sets/signature-set/target

Indicates the target filtering condition in a signature filter.

  • client: The target is the client.
  • server: The target is the server.
  • both: The target is both the client and server.

    By default, no target is specified in an IPS signature filter.

ips-state/default-profiles/profile/signature-sets/signature-set/severity

Indicates the severity filtering condition in a signature filter.

  • high: The signatures with a high severity will be filtered.
  • medium: The signatures with a medium severity will be filtered.
  • low: The signatures with a low severity will be filtered.
  • information: The signatures with the severity being information will be filtered.

    By default, no severity is specified in an IPS signature filter.

ips-config/user-defined-ips/vsys/profiles/profile/signature-sets/signature-set/operating-system

Indicates the operating system filtering condition in a signature filter. The options are android, ios, unix-like, windows, and other.

By default, no operating system is specified in an IPS signature filter.

ips-state/default-profiles/profile/signature-sets/signature-set/protocol

Indicates the protocol filtering condition in a signature filter. It is only used to contain sub-objects, but does not have any data meaning.

ips-state/default-profiles/profile/signature-sets/signature-set/protocol/all-protocol

Indicates that the protocol filtering condition in a signature filter is "all protocols".

  • true: The filtering condition is "all protocols".
  • false: The filtering condition is not "all protocols".

ips-state/default-profiles/profile/signature-sets/signature-set/protocol/specifed-protocol

Indicates that the protocol filtering condition in a signature filter is "specified protocol". The value is a string of characters, specifying a protocol. If no specific protocol is configured, the system does not filter protocols.

ips-state/default-profiles/profile/signature-sets/signature-set/category

Indicates the intrusion category filtering condition in a signature filter. It is only used to contain sub-objects, but does not have any data meaning.

ips-state/default-profiles/profile/signature-sets/signature-set/category/all-category

Indicates that the intrusion category filtering condition in a signature filter is "all intrusion categories".

  • true: The filtering condition is "all intrusion categories".
  • false: The filtering condition is not "all intrusion categories".

ips-state/default-profiles/profile/signature-sets/signature-set/category/specifed-category

Indicates the specified intrusion category filtering condition in a signature filter. It is only used to contain sub-objects, but does not have any data meaning.

ips-state/default-profiles/profile/signature-sets/signature-set/category/specifed-category/name

Indicates that the intrusion category filtering condition in a signature filter is "specified intrusion category name". The value is a string of characters, which is the name of the specified category. If no specific intrusion category is configured, the system does not filter intrusion categories.

ips-state/default-profiles/profile/signature-sets/signature-set/category/specifed-category/sub-category

Indicates the filtering condition about sub-categories under the current specified intrusion category in a signature filter. It is only used to contain sub-objects, but does not have any data meaning.

ips-state/default-profiles/profile/signature-sets/signature-set/category/specifed-category/sub-category/name

Indicates that the intrusion category filtering condition in a signature filter is "sub-category name under specified intrusion category". The value is a string of characters, which is the name of the specified sub-category.

ips-state/application-database

Indicates that the operation request object is application data. It is only used to contain sub-objects, but does not have any data meaning.

ips-state/application-database/application

Indicates that the operation request object is an application. It is only used to contain sub-objects, but does not have any data meaning.

ips-state/application-database/application/name

Indicates the name of an application. The value is a string of characters.

ips-state/application-database/application/sub-application

Indicates that the operation request object is a sub-application. It is only used to contain sub-objects, but does not have any data meaning.

ips-state/application-database/application/sub-application/name

Indicates the name of a sub-application. The value is a string of characters.

ips-state/category-database

Indicates that the operation request object is intrusion category data. It is only used to contain sub-objects, but does not have any data meaning.

ips-state/category-database/category

Indicates that the operation request object is an intrusion category. It is only used to contain sub-objects, but does not have any data meaning.

ips-state/category-database/category/name

Indicates the name of an intrusion category. The value is a string of characters.

ips-state/category-database/category/sub-category

Indicates that the operation request object is an intrusion sub-category. It is only used to contain sub-objects, but does not have any data meaning.

ips-state/category-database/category/sub-category/name

Indicates the name of an intrusion sub-category. The value is a string of characters.

Creating a User-Defined IPS Profile

This section provides a sample of creating a user-defined IPS profile using the create method.

NOTE:

After creating a user-defined IPS profile, the configuration does not take effect immediately. You need to execute configuration compilation to activate the configuration. Because the activation operation is valid for all security features, so it takes a long time to activate the configuration. You are advised to submit the configuration after completing configurations of all security features.

Table 3-1308 Creating a user-defined IPS profile

Operation

XPATH

edit-config:create

ips-config/user-defined-ips/vsys/name/profiles/profile

Data Requirements
Table 3-1309 Creating a user-defined IPS profile

Item

Data

Description

Name

ipstest

Create a user-defined IPS profile and configure the signature filter, exception signature, and protocol control information.

Description

The description of the IPS profile

Enable attack evidence collection

true

Enable malicious domain name check

true

Action for malicious domain names

alert

Signature filter 1

/

Name

signame1

Action

block

All applications

false

Specified application

axis_camera_control

arcserve_backup_2000

Target

server

Severity

high

information

medium

Operating system

android

ios

unix-like

All protocols

false

Specified protocol

HTTP

DNS

RSH

All intrusion categories

false

Specified intrusion category

Virus

Trojan

http_bot

rat_bot

p2p_bot

Spyware

Signature filter 2

/

Name

signame2

Action

default-type

All applications

true

All protocols

true

All intrusion categories

true

Exception signature set

/

Signature ID

1

Action

alert

Signature ID

2

Action

block

Signature ID

2550

Action

block

Action for the Malformed-Packet field in DNS

block

Default action for DNS requests

alert

Start DNS request type

1

End DNS request type

2

Action for DNS request types

block

Start DNS request type

5

Action for DNS request types

allow

Start DNS request type

12

Action for DNS request types

block

Action for the Multi-Host field in HTTP

alert

Action for the SSH-Over-HTTP field in HTTP

block

Condition for checking the X-Online-Host field in HTTP

blacklist

Action for the X-Online-Host field in HTTP

alert

Blacklist corresponding to the X-Online-Host field in HTTP

www.baidu.com

www.sina.com

www.renren.com

Condition for checking the X-Forwarded-For field in HTTP

whitelist

Action for the X-Forwarded-For field in HTTP

alert

Whitelist corresponding to the X-Forwarded-For field in HTTP

11.121.123.224

127.88.38.12

128.28.26.3

Request Example
<?xml version="1.0" encoding="UTF-8"?>
<rpc message-id="1001" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <error-option>rollback-on-error</error-option>
    <config>
      <ips-config xmlns="urn:huawei:params:xml:ns:yang:huawei-intrusion-prevention" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0">
        <user-defined-ips>
          <vsys>
            <name>public</name>
            <profiles>
              <profile>
                <name>ipstest</name>
                <description>The description of the IPS profile</description>
                <collect-attack-evidence-enable>true</collect-attack-evidence-enable>
                <command-and-control-domain-filter>
                  <domain-filter-enable>true</domain-filter-enable>
                  <action>alert</action>
                </command-and-control-domain-filter>
                <signature-sets>
                  <signature-set>
                    <name>signame1</name>
                    <signature-set-action>
                      <action>block</action>
                    </signature-set-action>
                    <application>
                      <all-application>false</all-application>
                      <specifed-application>axis_camera_control</specifed-application>
                      <specifed-application>arcserve_backup_2000</specifed-application>
                    </application>
                    <target>server</target>
                    <severity>high</severity>
                    <severity>information</severity>
                    <severity>medium</severity>
                    <operating-system>android</operating-system>
                    <operating-system>ios</operating-system>
                    <operating-system>unix-like</operating-system>
                    <protocol>
                      <all-protocol>false</all-protocol>
                      <specifed-protocol>HTTP</specifed-protocol>
                      <specifed-protocol>DNS</specifed-protocol>
                      <specifed-protocol>RSH</specifed-protocol>
                    </protocol>
                    <category>
                      <all-category>false</all-category>
                      <specifed-category>
                        <name>Virus</name>
                        <all-sub-category>true</all-sub-category>
                      </specifed-category>
                      <specifed-category>
                        <name>Trojan</name>
                        <all-sub-category>true</all-sub-category>
                      </specifed-category>
                      <specifed-category>
                        <name>Botnet</name>
                        <all-sub-category>false</all-sub-category>
                        <sub-category>
                          <name>http_bot</name>
                        </sub-category>
                        <sub-category>
                          <name>rat_bot</name>
                        </sub-category>
                        <sub-category>
                          <name>p2p_bot</name>
                        </sub-category>
                      </specifed-category>
                      <specifed-category>
                        <name>Spyware</name>
                        <all-sub-category>true</all-sub-category>
                      </specifed-category>
                    </category>
                  </signature-set>
                  <signature-set>
                    <name>signame2</name>
                    <signature-set-action>
                      <action>default-type</action>
                    </signature-set-action>
                    <application>
                      <all-application>true</all-application>
                    </application>
                    <protocol>
                      <all-protocol>true</all-protocol>
                    </protocol>
                    <category>
                      <all-category>true</all-category>
                    </category>
                  </signature-set>
                </signature-sets>
                <exception-signatures>
                    <exception-signature>
                      <id>1</id>
                      <action>alert</action>
                    </exception-signature>
                    <exception-signature>
                      <id>2</id>
                      <action>block</action>
                      </exception-signature>
                    <exception-signature>
                      <id>2550</id>
                      <action>block</action>
                    </exception-signature>
                  </exception-signatures>
                  <protocol-controlling>
                  <dns-check>
                    <malformed-packet-action>block</malformed-packet-action>
                    <request-type-default-action>alert</request-type-default-action>
                    <request-type>
                      <start-type>1</start-type>
                      <end-type>2</end-type>
                      <action>block</action>
                    </request-type>
                    <request-type>
                      <start-type>5</start-type>
                      <end-type>5</end-type>
                      <action>allow</action>
                    </request-type>
                    <request-type>
                      <start-type>12</start-type>
                      <end-type>12</end-type>
                      <action>block</action>
                    </request-type>
                  </dns-check>
                  <http-check>
                    <multi-host-action>alert</multi-host-action>
                    <ssh-over-http-action>block</ssh-over-http-action>
                    <x-online-host>
                      <check-type-action>
                        <type>blacklist</type>
                        <action>alert</action>
                      </check-type-action>
                      <blacklist>www.baidu.com</blacklist>
                      <blacklist>www.sina.com</blacklist>
                      <blacklist>www.renren.com</blacklist>
                    </x-online-host>
                    <x-forwarded-for>
                      <check-type-action>
                        <type>whitelist</type>
                        <action>alert</action>
                      </check-type-action>
                      <whitelist>11.121.123.224</whitelist>
                      <whitelist>127.88.38.12</whitelist>
                      <whitelist>128.28.26.3</whitelist>
                    </x-forwarded-for>
                  </http-check>
                </protocol-controlling>
              </profile>
            </profiles>
          </vsys>
        </user-defined-ips>
      </ips-config>
    </config>
  </edit-config>
</rpc>
Response Example
<?xml version="1.0" encoding="UTF-8"?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1001">
  <ok/>
</rpc-reply>

Modifying a User-Defined IPS Profile

This section provides a sample of modifying a user-defined IPS profile using the replace method.

Table 3-1310 Modifying a user-defined IPS profile

Operation

XPATH

edit-config:replace

ips-config/user-defined-ips/vsys/name/profiles/profile

Data Requirements
Table 3-1311 Modifying a user-defined IPS profile

Item

Data

Description

Name

ipstest

Modify a user-defined IPS profile, including the signature filter and signature information.

Description

The description of the IPS profile

Enable attack evidence collection

false

Enable malicious domain name check

true

Action for malicious domain names

block

Signature filter 1

/

Name

signame1

Action

alert

All applications

true

Target

server

Severity

high

information

medium

low

Operating system

android

ios

unix-like

other

All protocols

false

Specified protocol

HTTP

DNS

RSH

TCP

All intrusion categories

false

Specified intrusion category

Virus

Trojan

Botnet

Spyware

Exception signature set

/

Signature ID

1

Action

alert

Signature ID

2

Action

block

Signature ID

2550

Action

alert

Request Example
<?xml version="1.0" encoding="UTF-8"?>
<rpc message-id="1002" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <error-option>rollback-on-error</error-option>
    <config>
      <ips-config xmlns="urn:huawei:params:xml:ns:yang:huawei-intrusion-prevention" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0">
        <user-defined-ips>
          <vsys>
            <name>public</name>
            <profiles>
              <profile>
                <name>ipstest</name>
                <description>The description of the IPS profile</description>
                <collect-attack-evidence-enable>false</collect-attack-evidence-enable>
                <command-and-control-domain-filter>
                  <domain-filter-enable>true</domain-filter-enable>
                  <action>block</action>
                </command-and-control-domain-filter>
                <signature-sets>
                  <signature-set>
                    <name>signame1</name>
                    <signature-set-action>
                      <action>alert</action>
                    </signature-set-action>
                    <application>
                      <all-application>true</all-application>
                    </application>
                    <target>server</target>
                    <severity>high</severity>
                    <severity>information</severity>
                    <severity>medium</severity>
                    <severity>low</severity>
                    <operating-system>android</operating-system>
                    <operating-system>ios</operating-system>
                    <operating-system>unix-like</operating-system>
                    <operating-system>other</operating-system>
                    <protocol>
                      <all-protocol>false</all-protocol>
                      <specifed-protocol>HTTP</specifed-protocol>
                      <specifed-protocol>DNS</specifed-protocol>
                      <specifed-protocol>RSH</specifed-protocol>
                      <specifed-protocol>TCP</specifed-protocol>
                    </protocol>
                    <category>
                      <all-category>false</all-category>
                      <specifed-category>
                        <name>Virus</name>
                        <all-sub-category>true</all-sub-category>
                      </specifed-category>
                      <specifed-category>
                        <name>Trojan</name>
                        <all-sub-category>true</all-sub-category>
                      </specifed-category>
                      <specifed-category>
                        <name>Botnet</name>
                        <all-sub-category>true</all-sub-category>
                      </specifed-category>
                      <specifed-category>
                        <name>Spyware</name>
                        <all-sub-category>true</all-sub-category>
                      </specifed-category>
                    </category>
                  </signature-set>
                </signature-sets>
                <exception-signatures>
                    <exception-signature>
                      <id>1</id>
                      <action>alert</action>
                    </exception-signature>
                    <exception-signature>
                      <id>2</id>
                      <action>block</action>
                    </exception-signature>
                    <exception-signature>
                      <id>2550</id>
                      <action>alert</action>
                    </exception-signature>
                  </exception-signatures>
              </profile>
            </profiles>
          </vsys>
        </user-defined-ips>
      </ips-config>
    </config>
  </edit-config>
</rpc>
Response Example
<?xml version="1.0" encoding="UTF-8"?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1002">
  <ok/>
</rpc-reply>

Deleting a User-Defined IPS Profile

This section provides a sample of deleting a user-defined IPS profile using the delete method.

Table 3-1312 Deleting a user-defined IPS profile

Operation

XPATH

edit-config:delete

ips-config/user-defined-ips/vsys/name/profiles/profile

Data Requirements
Table 3-1313 Deleting an IPS profile named ipstest

Item

Data

Description

System

public

Delete an IPS profile named ipstest in the public system.

Profile name

ipstest

Request Example
<?xml version="1.0" encoding="UTF-8"?>
<rpc message-id="1003" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <error-option>rollback-on-error</error-option>
    <config>
      <ips-config xmlns="urn:huawei:params:xml:ns:yang:huawei-intrusion-prevention" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0">
        <user-defined-ips>
          <vsys>
            <name>public</name>
            <profiles>
              <profile nc:operation="delete">
                <name>ipstest</name>
              </profile>
            </profiles>
          </vsys>
        </user-defined-ips>
      </ips-config>    
    </config>
  </edit-config>
</rpc>
Response Example
<?xml version="1.0" encoding="UTF-8"?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1003">
  <ok/>
</rpc-reply>

Querying a User-Defined IPS Profile

This section provides a sample of querying a user-defined IPS profile using the get-config method.

Table 3-1314 Querying a user-defined IPS profile

Operation

XPATH

get-config

ips-config/user-defined-ips/vsys/name/profiles/profile

Data Requirements

None

Request Example
<?xml version="1.0" encoding="UTF-8"?>
<rpc message-id="1008" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <get-config>
    <source>
      <running/>
    </source>
    <filter type="subtree">      
      <ips-config xmlns="urn:huawei:params:xml:ns:yang:huawei-intrusion-prevention" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0">
        <user-defined-ips>
          <vsys>
            <name>public</name>
            <profiles>
              <profile>
                <name>ipstest</name>
              </profile>
            </profiles>
          </vsys>
        </user-defined-ips>
      </ips-config>
    </filter>
  </get-config>
</rpc>
Response Example
<?xml version="1.0" encoding="UTF-8"?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1008">
<data>
  <ips-config xmlns="urn:huawei:params:xml:ns:yang:huawei-intrusion-prevention">
    <user-defined-ips>
      <vsys>
        <name>public</name>
        <profiles>
          <profile>
            <name>ipstest</name>
            <description>The description of the IPS profile</description>
            <collect-attack-evidence-enable>false</collect-attack-evidence-enable>
            <command-and-control-domain-filter>
              <domain-filter-enable>true</domain-filter-enable>
              <action>block</action>
            </command-and-control-domain-filter>
            <signature-sets>
              <signature-set>
                <name>signame1</name>
                <signature-set-action>
                  <action>alert</action>
                </signature-set-action>
                <application>
                  <all-application>true</all-application>
                </application>
                <target>server</target>
                <severity>low</severity>
                <severity>medium</severity>
                <severity>high</severity>
                <severity>information</severity>
                <operating-system>unix-like</operating-system>
                <operating-system>android</operating-system>
                <operating-system>ios</operating-system>
                <operating-system>other</operating-system>
                <protocol>
                  <all-protocol>false</all-protocol>
                  <specifed-protocol>HTTP</specifed-protocol>
                  <specifed-protocol>DNS</specifed-protocol>
                  <specifed-protocol>RSH</specifed-protocol>
                  <specifed-protocol>TCP</specifed-protocol>
                </protocol>
                <category>
                  <all-category>false</all-category>
                  <specifed-category>
                    <name>Virus</name>
                    <all-sub-category>true</all-sub-category>
                  </specifed-category>
                  <specifed-category>
                    <name>Trojan</name>
                    <all-sub-category>true</all-sub-category>
                  </specifed-category>
                  <specifed-category>
                    <name>Botnet</name>
                    <all-sub-category>true</all-sub-category>
                    <sub-category>
                      <name>http_bot</name>
                    </sub-category>
                    <sub-category>
                      <name>rat_bot</name>
                    </sub-category>
                    <sub-category>
                      <name>p2p_bot</name>
                    </sub-category>
                    <sub-category>
                      <name>tree_bot</name>
                    </sub-category>
                    <sub-category>
                      <name>irc_bot</name>
                    </sub-category>
                  </specifed-category>
                  <specifed-category>
                    <name>Spyware</name>
                    <all-sub-category>true</all-sub-category>
                  </specifed-category>
                </category>
              </signature-set>
            </signature-sets>
            <exception-signatures>
              <exception-signature>
                <id>1</id>
                <action>alert</action>
              </exception-signature>
              <exception-signature>
                <id>2</id>
                <action>block</action>
              </exception-signature>
              <exception-signature>
                <id>2550</id>
                <action>alert</action>
              </exception-signature>
            </exception-signatures>
            <protocol-controlling>
              <dns-check>
                <malformed-packet-action>block</malformed-packet-action>
                <request-type-default-action>alert</request-type-default-action>
                <request-type>
                  <start-type>1</start-type>
                  <end-type>2</end-type>
                  <action>block</action>
                </request-type>
                <request-type>
                  <start-type>5</start-type>
                  <end-type>5</end-type>
                  <action>allow</action>
                </request-type>
                <request-type>
                  <start-type>12</start-type>
                  <end-type>12</end-type>
                  <action>block</action>
                </request-type>
              </dns-check>
              <http-check>
                <multi-host-action>alert</multi-host-action>
                <ssh-over-http-action>block</ssh-over-http-action>
                <x-online-host>
                  <check-type-action>
                    <type>blacklist</type>
                    <action>alert</action>
                  </check-type-action>
                  <blacklist>www.baidu.com</blacklist>
                  <blacklist>www.sina.com</blacklist>
                  <blacklist>www.renren.com</blacklist>
                </x-online-host>
                <x-forwarded-for>
                  <check-type-action>
                    <type>whitelist</type>
                    <action>alert</action>
                  </check-type-action>
                  <whitelist>11.121.123.224</whitelist>
                  <whitelist>127.88.38.12</whitelist>
                  <whitelist>128.28.26.3</whitelist>
                </x-forwarded-for>
              </http-check>
            </protocol-controlling>
          </profile>
        </profiles>
      </vsys>
    </user-defined-ips>
  </ips-config>
</data>
</rpc-reply>

Querying Status Information

1. Sample of querying the number of times that an IPS profile is referenced using the get method

Table 3-1315 Querying the number of times that a specified IPS profile is referenced

Operation

XPATH

get

ips-state/user-defined-ips/vsys/profiles/profile

Data Requirements

None

Request Example
<?xml version="1.0" encoding="UTF-8"?>
<rpc message-id="1004" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <get>
    <filter type="subtree">      
      <ips-state xmlns="urn:huawei:params:xml:ns:yang:huawei-intrusion-prevention" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0">
        <user-defined-ips>
          <vsys>
            <name>public</name>
            <profiles>
              <profile>
                <name>dmz</name>
              </profile>
            </profiles>
          </vsys>
        </user-defined-ips>
      </ips-state>
    </filter>
  </get>
</rpc>
Response Example
<?xml version="1.0" encoding="UTF-8"?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1004">
  <data>             
    <ips-state xmlns="urn:huawei:params:xml:ns:yang:huawei-intrusion-prevention">
      <user-defined-ips>
        <vsys>
          <name>public</name>
          <profiles>
            <profile>
              <name>dmz</name>
              <reference-count>1</reference-count>
            </profile>
          </profiles>
        </vsys>
      </user-defined-ips>
    </ips-state>
  </data>
</rpc-reply>

2. Sample of querying a specified predefined IPS profile using the get method

Table 3-1316 Querying a predefined IPS profile

Operation

XPATH

get

ips-state/default-profiles/profile

Data Requirements

None

Request Example
<?xml version="1.0" encoding="UTF-8"?>
<rpc message-id="1004" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <get>
    <filter type="subtree">
      <ips-state xmlns="urn:huawei:params:xml:ns:yang:huawei-intrusion-prevention" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0">
        <default-profiles>
          <profile>
            <name>outside_firewall</name>
          </profile>
        </default-profiles>
      </ips-state>
    </filter>
  </get>
</rpc>
Response Example
<?xml version="1.0" encoding="UTF-8"?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1004">
  <data>     
        <ips-state xmlns="urn:huawei:params:xml:ns:yang:huawei-intrusion-prevention">
      <default-profiles>
        <profile>
          <name>outside_firewall</name>
          <description>  </description>
          <signature-sets>
            <signature-set>
              <name>default</name>
              <action>default-type</action>
              <application>
                <all-application>true</all-application>
              </application>
              <target>both</target>
              <severity>low</severity>
              <severity>medium</severity>
              <severity>high</severity>
              <operating-system>unix-like</operating-system>
              <operating-system>windows</operating-system>
              <operating-system>android</operating-system>
              <operating-system>ios</operating-system>
              <operating-system>other</operating-system>
              <protocol>
                <all-protocol>true</all-protocol>
              </protocol>
              <category>
                <all-category>false</all-category>
                <specifed-category>
                  <name>Virus</name>
                  <all-sub-category>true</all-sub-category>
                </specifed-category>
                <specifed-category>
                  <name>Trojan</name>
                  <all-sub-category>true</all-sub-category>
                </specifed-category>
                <specifed-category>
                  <name>Botnet</name>
                  <all-sub-category>true</all-sub-category>
                  <sub-category>
                    <name>http_bot</name>
                  </sub-category>
                  <sub-category>
                    <name>rat_bot</name>
                  </sub-category>
                  <sub-category>
                    <name>p2p_bot</name>
                  </sub-category>
                  <sub-category>
                    <name>tree_bot</name>
                  </sub-category>
                  <sub-category>
                    <name>irc_bot</name>
                  </sub-category>
                </specifed-category>
                <specifed-category>
                  <name>Spyware</name>
                  <all-sub-category>true</all-sub-category>
                </specifed-category>
                <specifed-category>
                  <name>Adware</name>
                  <all-sub-category>true</all-sub-category>
                </specifed-category>
                <specifed-category>
                  <name>CGI</name>
                  <all-sub-category>true</all-sub-category>
                </specifed-category>
                <specifed-category>
                  <name>XSS</name>
                  <all-sub-category>true</all-sub-category>
                </specifed-category>
                <specifed-category>
                  <name>Injection</name>
                  <all-sub-category>true</all-sub-category>
                </specifed-category>
                <specifed-category>
                  <name>Dir-traversal</name>
                  <all-sub-category>true</all-sub-category>
                </specifed-category>
                <specifed-category>
                  <name>Info-Disclosure</name>
                  <all-sub-category>true</all-sub-category>
                </specifed-category>
                <specifed-category>
                  <name>Remote-File-Inclusion</name>
                  <all-sub-category>true</all-sub-category>
                </specifed-category>
                <specifed-category>
                  <name>Overflow</name>
                  <all-sub-category>true</all-sub-category>
                </specifed-category>
                <specifed-category>
                  <name>Code-execution</name>
                  <all-sub-category>true</all-sub-category>
                </specifed-category>
                <specifed-category>
                  <name>Dos</name>
                  <all-sub-category>true</all-sub-category>
                </specifed-category>
                <specifed-category>
                  <name>Worm</name>
                  <all-sub-category>true</all-sub-category>
                  <sub-category>
                    <name>net_worm</name>
                  </sub-category>
                  <sub-category>
                    <name>web_worm</name>
                  </sub-category>
                  <sub-category>
                    <name>mail_worm</name>
                  </sub-category>
                  <sub-category>
                    <name>irc_worm</name>
                  </sub-category>
                  <sub-category>
                    <name>im_worm</name>
                  </sub-category>
                </specifed-category>
                <specifed-category>
                  <name>Other</name>
                  <all-sub-category>true</all-sub-category>
                </specifed-category>
                <specifed-category>
                  <name>User-defined</name>
                  <all-sub-category>true</all-sub-category>
                </specifed-category>
                <specifed-category>
                  <name>Backdoor</name>
                  <all-sub-category>true</all-sub-category>
                </specifed-category>
                <specifed-category>
                  <name>DDos</name>
                  <all-sub-category>true</all-sub-category>
                </specifed-category>
              </category>
            </signature-set>
          </signature-sets>
        </profile>
      </default-profiles>
    </ips-state>
  </data>
</rpc-reply>

3. Sample of querying the supported applications under the specified parent category using the get method

Table 3-1317 Querying the supported applications under the specified parent category

Operation

XPATH

get

ips-state/application-database/application

Data Requirements

None

Request Example
<?xml version="1.0" encoding="UTF-8"?>
<rpc message-id="1004" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <get>
    <filter type="subtree">      
      <ips-state xmlns="urn:huawei:params:xml:ns:yang:huawei-intrusion-prevention" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0">
        <application-database>
          <application>
            <name>zohocorp</name>
          </application>
        </application-database>
      </ips-state>
    </filter>
  </get>
</rpc>
Response Example
<?xml version="1.0" encoding="UTF-8"?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1004">
  <data>     
    <ips-state xmlns="urn:huawei:params:xml:ns:yang:huawei-intrusion-prevention">
      <application-database>
        <application>
          <name>zohocorp</name>
          <sub-application>
            <name>manageengine_password_manager_pro</name>
          </sub-application>
          <sub-application>
            <name>manageengine_it360</name>
          </sub-application>
          <sub-application>
            <name>manageengine_desktop_central</name>
          </sub-application>
        </application>
      </application-database>
    </ips-state>
  </data>
</rpc-reply>

4. Sample of querying the supported intrusion categories under the specified parent category using the get method

Table 3-1318 Querying the supported intrusion categories under the specified parent category

Operation

XPATH

get

ips-state/category-database/category

Data Requirements

None

Request Example
<?xml version="1.0" encoding="UTF-8"?>
<rpc message-id="1004" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <get>
    <filter type="subtree">      
      <ips-state xmlns="urn:huawei:params:xml:ns:yang:huawei-intrusion-prevention" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0">
        <category-database>
          <category>
            <name>Worm</name>
          </category>
        </category-database>
      </ips-state>
    </filter>
  </get>
</rpc>
Response Example
<?xml version="1.0" encoding="UTF-8"?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1004">
  <data>     
    <ips-state xmlns="urn:huawei:params:xml:ns:yang:huawei-intrusion-prevention">
      <category-database>
        <category>
          <name>Worm</name>
          <sub-category>
            <name>net_worm</name>
          </sub-category>
          <sub-category>
            <name>web_worm</name>
          </sub-category>
          <sub-category>
            <name>mail_worm</name>
          </sub-category>
          <sub-category>
            <name>irc_worm</name>
          </sub-category>
          <sub-category>
            <name>im_worm</name>
          </sub-category>
        </category>
      </category-database>
    </ips-state>
  </data>
</rpc-reply>
Translation
Download
Updated: 2019-03-06

Document ID: EDOC1100022096

Views: 8307

Downloads: 69

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next