NETCONF YANG API Reference

AR100, AR120, AR160, AR1200, AR2200, AR3200, and AR3600 V300R003

Security Policy


This section describes the data model of a security policy, and provides samples of configuring, modifying, and deleting a security policy.

Data Model

The data model file matching the security policy is huawei-security-policy.yang.

Table 3-1296 Security policy

| Object | Description |
|---|---|
| /huawei-security-policy:sec-policy | Indicates that the object of the operation (creating, deleting, modifying, or querying) is a security policy. This node only contains sub-objects and carries no data of its own. |
| /huawei-security-policy:sec-policy/vsys | Indicates a virtual system. The security policy to be delivered is configured in this system. |
| /huawei-security-policy:sec-policy/vsys/name | Indicates the name of a virtual system. The value is a string of 1 to 31 case-sensitive characters without spaces. |
| /huawei-security-policy:sec-policy/vsys/static-policy/rule/name | Indicates the name of a security policy. The value is a string of 1 to 31 case-sensitive characters without spaces. |
| /huawei-security-policy:sec-policy/vsys/static-policy/rule/acl-number | Indicates the name of an ACL bound to the security policy. Ensure that the ACL has been created successfully. |
| /huawei-security-policy:sec-policy/vsys/static-policy/rule/profile/ips-profile | Indicates the name of an IPS profile bound to the security policy. Ensure that the IPS profile has been created successfully. |
| /huawei-security-policy:sec-policy/vsys/static-policy/rule/profile/url-profile | Indicates the name of a URL filtering profile bound to the security policy. Ensure that the URL filtering profile has been created successfully. |

Creating a Security Policy

This section provides a sample of creating a security policy.

Table 3-1297 Creating a security policy

| Operation | XPATH |
|---|---|
| edit-config:merge | /huawei-security-policy:sec-policy/vsys |

Data Requirements
Table 3-1298 Creating a security policy named security

| Item | Data | Description |
|---|---|---|
| Name of a virtual system | public | Create a security policy named security. |
| Name of a security policy | security | |

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="NETCONFIG_cf1d8f12b2b04308bc8cc1c954cc35b">
 <edit-config>
  <target>
   <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
   <sec-policy xmlns="urn:huawei:params:xml:ns:yang:huawei-security-policy">
    <vsys xc:operation="merge">
     <name>public</name>
     <static-policy>
      <rule>
       <name>security</name>     
      </rule>
     </static-policy>
    </vsys>
   </sec-policy>
  </config>
 </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="NETCONFIG_cf1d8f12b2b04308bc8cc1c954cc35b">  
 <ok/>
</rpc-reply>

Binding an IPS Profile to a Security Policy

This section provides a sample of binding an IPS profile to a security policy.

Table 3-1299 Binding an IPS profile to a security policy

| Operation | XPATH |
|---|---|
| edit-config:merge | /huawei-security-policy:sec-policy/vsys |

Data Requirements
Table 3-1300 Binding IPS profile ipstest to security policy security

| Item | Data | Description |
|---|---|---|
| Name of a virtual system | public | Bind IPS profile ipstest to security policy security, and detect traffic that matches ACL 3999. |
| Name of a security policy | security | |
| ACL name | 3999 | |
| Name of an IPS profile | ipstest | |

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="NETCONFIG_cf1d8f12b2b04308bc8cc1c954cc35b">
 <edit-config>
  <target>
   <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
   <sec-policy xmlns="urn:huawei:params:xml:ns:yang:huawei-security-policy">
    <vsys xc:operation="merge">
     <name>public</name>
     <static-policy>
      <rule>
       <name>security</name>
       <acl-number>3999</acl-number>
       <profile>
        <ips-profile>ipstest</ips-profile>
       </profile>
      </rule>
     </static-policy>
    </vsys>
   </sec-policy>
  </config>
 </edit-config>
</rpc>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="NETCONFIG_cf1d8f12b2b04308bc8cc1c954cc35b">  
 <ok/>
</rpc-reply>

Binding a URL Filtering Profile to a Security Policy

This section provides a sample of binding a URL filtering profile to a security policy.

Table 3-1301 Binding a URL filtering profile to a security policy

| Operation | XPATH |
|---|---|
| edit-config:merge | /huawei-security-policy:sec-policy/vsys |

Data Requirements
Table 3-1302 Binding URL filtering profile urltest to security policy security

| Item | Data | Description |
|---|---|---|
| Name of a virtual system | public | Bind URL filtering profile urltest to security policy security, and detect traffic that matches ACL 3999. |
| Name of a security policy | security | |
| ACL name | 3999 | |
| Name of a URL filtering profile | urltest | |

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="NETCONFIG_cf1d8f12b2b04308bc8cc1c954cc35b">
 <edit-config>
  <target>
   <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
   <sec-policy xmlns="urn:huawei:params:xml:ns:yang:huawei-security-policy">
    <vsys xc:operation="merge">
     <name>public</name>
     <static-policy>
      <rule>
       <name>security</name>
       <acl-number>3999</acl-number>
       <profile>
        <url-profile>urltest</url-profile>
       </profile>
      </rule>
     </static-policy>
    </vsys>
   </sec-policy>
  </config>
 </edit-config>
</rpc>    
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="NETCONFIG_cf1d8f12b2b04308bc8cc1c954cc35b">  
 <ok/> 
</rpc-reply>

Modifying a Security Policy

This section provides a sample of modifying a security policy.

Table 3-1303 Modifying a security policy

| Operation | XPATH |
|---|---|
| edit-config:replace | /huawei-security-policy:sec-policy/vsys |

Data Requirements
Table 3-1304 Modifying a security policy named security

| Item | Data | Description |
|---|---|---|
| Name of a virtual system | public | Modify a security policy named security, bind IPS profile ipstest, bind URL filtering profile urltest, and detect traffic that matches ACL 3999. |
| Name of a security policy | security | |
| ACL name | 3999 | |
| Name of a URL filtering profile | urltest | |
| Name of an IPS profile | ipstest | |

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="NETCONFIG_cf1d8f12b2b04308bc8cc1c954cc35b">
 <edit-config>
  <target>
   <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
   <sec-policy xmlns="urn:huawei:params:xml:ns:yang:huawei-security-policy">
    <vsys xc:operation="replace">
     <name>public</name>
     <static-policy>
      <rule>
       <name>security</name>
       <acl-number>3999</acl-number> 
       <profile>
        <url-profile>urltest</url-profile>
        <ips-profile>ipstest</ips-profile>
       </profile>
      </rule>
     </static-policy>
    </vsys>
   </sec-policy>
  </config>
 </edit-config>
</rpc>    
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="NETCONFIG_cf1d8f12b2b04308bc8cc1c954cc35b">  
 <ok/> 
</rpc-reply>

Deleting a Security Policy

This section provides a sample of deleting a security policy.

Table 3-1305 Deleting a security policy

| Operation | XPATH |
|---|---|
| edit-config:remove | /huawei-security-policy:sec-policy/vsys |

Data Requirements
Table 3-1306 Deleting a security policy named security

| Item | Data | Description |
|---|---|---|
| Name of a virtual system | public | Delete the security policy security, and delete bindings between the security policy and ACL 3999, URL filtering profile urltest, and IPS profile ipstest. |
| Name of a security policy | security | |
| ACL name | 3999 | |
| Name of a URL filtering profile | urltest | |
| Name of an IPS profile | ipstest | |

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="NETCONFIG_cf1d8f12b2b04308bc8cc1c954cc35b">
 <edit-config>
  <target>
   <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
   <sec-policy xmlns="urn:huawei:params:xml:ns:yang:huawei-security-policy">
    <vsys xc:operation="remove">
     <name>public</name>
     <static-policy>
      <rule>
       <name>security</name>
       <acl-number>3999</acl-number> 
       <profile>
        <url-profile>urltest</url-profile>
        <ips-profile>ipstest</ips-profile>
       </profile>
      </rule>
     </static-policy>
    </vsys>
   </sec-policy>
  </config>
 </edit-config>
</rpc>    
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="NETCONFIG_cf1d8f12b2b04308bc8cc1c954cc35b">  
 <ok/> 
</rpc-reply>
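
A pre-flight check for the edit-config payloads in the modify and delete samples above, as an added example that is not part of the Huawei documentation. It reports which element carries the operation attribute (RFC 6241 applies the operation to that element) and checks the 1 to 31 character, no-space name constraint from Table 3-1296. The function name audit and the message-id value are assumptions, and how the AR firmware itself scopes the operation is not stated on this page.

```python
import re
import xml.etree.ElementTree as ET

NC = "urn:ietf:params:xml:ns:netconf:base:1.0"
SP = "urn:huawei:params:xml:ns:yang:huawei-security-policy"
NAME_RE = re.compile(r"\S{1,31}")          # data model: 1 to 31 characters, no spaces
DESTRUCTIVE = {"replace", "remove", "delete"}  # RFC 6241 operations that can drop data

# Constructed sample: the page's "Modifying a Security Policy" request, compacted.
SAMPLE = """<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1">
 <edit-config><target><running/></target>
  <error-option>rollback-on-error</error-option>
  <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
   <sec-policy xmlns="urn:huawei:params:xml:ns:yang:huawei-security-policy">
    <vsys xc:operation="replace"><name>public</name>
     <static-policy><rule><name>security</name><acl-number>3999</acl-number>
      <profile><url-profile>urltest</url-profile>
       <ips-profile>ipstest</ips-profile></profile></rule></static-policy>
    </vsys>
   </sec-policy>
  </config>
 </edit-config>
</rpc>"""


def audit(rpc_xml):
    """Report where each operation attribute sits and flag risky scope or bad names."""
    root = ET.fromstring(rpc_xml)
    report = {"operations": [], "warnings": []}
    for elem in root.iter():
        op = elem.get(f"{{{NC}}}operation")
        if op is None:
            continue
        node = elem.tag.rsplit("}", 1)[-1]            # local name without namespace
        key = elem.findtext(f"{{{SP}}}name", default="")
        report["operations"].append((op, node, key))
        # RFC 6241: the operation applies to the element that carries the attribute.
        if op in DESTRUCTIVE and node != "rule":
            report["warnings"].append(
                f"{op} is set on {node} '{key}', so it covers that whole entry, not one rule")
    for name in root.iter(f"{{{SP}}}name"):
        if not NAME_RE.fullmatch(name.text or ""):
            report["warnings"].append(f"name {name.text!r} must be 1 to 31 characters, no spaces")
    return report


if __name__ == "__main__":
    print(audit(SAMPLE))
```

Run against the modify sample, the report shows the replace operation attached to vsys public rather than to rule security, which is worth confirming against the rules already configured in that virtual system before the request is sent.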
Updated: 2019-03-06

Document ID: EDOC1100022096
