CLI-based Configuration Guide - Security

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document provides the basic concepts, configuration procedures, and configuration examples in different application scenarios of the network management feature supported by the device.
Updating the IPS Signature Database

Prerequisites

Ensure that the license has been activated and is within the effective service period.

After purchasing the license with the intrusion prevention upgrade function, you can obtain the signature database that contains predefined signatures, and continue to obtain new intrusion prevention versions from the Security Center Platform (the default domain name is sec.huawei.com) to update the signature database.

Context

To improve the security protection capability of the system, update the IPS signature database before configuring the IPS function. With the latest IPS signature database, the device can identify more intrusion behaviors.

The IPS signature database is the basis for IPS to perform intrusion defense detection. The IPS signature database contains predefined IPS signatures. IPS signatures are used to describe features of intrusion behaviors on the network. The device compares packet contents with IPS signatures for detection and attack defense. If a data flow matches the features in a signature, the device processes the data flow according to the signature action. The contents of predefined signatures are fixed and cannot be created or modified.

You can update the database using either of the following methods:
  • Online upgrade

    If the device can access the Security Center Platform, you can upgrade through the Security Center Platform.

  • Local upgrade

    When the device cannot be connected to the Security Center Platform through the network, you can log in to the Security Center Platform to download the latest IPS signature database upgrade package, save the package to a local PC, and then upload the upgrade file to the device through FTP, TFTP, or web to upgrade the IPS signature database.

NOTE:
  • Because the signature database is not installed on the device, you must obtain the IPS license, and then download the signature database to your local computer or install it online.
  • When the startup path is changed, you must load the signature database again through online or local upgrade.

Procedure

  • Online upgrade
    1. Run system-view

      The system view is displayed.

    2. (Optional) Run update server { domain domain-name | ip ip-address } [ port port-number ]

      The IP address or domain name of the update server is configured.

      By default, the domain name of the update server is sec.huawei.com, and the port number is 80.

    3. Access the update server through a proxy server.

      1. Run update proxy enable

        The signature database proxy update function is enabled.

        By default, the signature database proxy update function is disabled.

      2. Run update proxy { domain domain-name | ip ip-address } [ port port-number ] [ user user-name [ password password ] ]

        The IP address or domain name of the proxy server is configured.

    4. Update the IPS signature database using the Security Center Platform or the internal upgrade server.

      • Upgrade through the Security Center Platform.

        To allow the device to access the Security Center Platform, configure the DNS function on the device.

        1. Run dns resolve

          The DNS function is enabled.

        2. Run dns server ip-address

          An IP address is configured for the DNS server.

    5. Scheduled upgrade

      1. Run update schedule ips-sdb enable

        The scheduled upgrade function of the IPS signature database is enabled.

        By default, the scheduled online upgrade function of the IPS signature database is enabled.

      2. Run update schedule [ { daily | weekly { Mon | Tue | Wed | Thu | Fri | Sat | Sun } } time ]

        The fixed online upgrade time of the IPS signature database is set.

        If no fixed upgrade time is set, a time between 22:00 and 08:00 is selected randomly as the daily upgrade time by default.

        It is recommended that you set time to the time when the device has the minimum traffic volume, for example, 6:00 am.

      3. Set the installation mode of the IPS signature database.

        An IPS signature database can take effect only after it is installed on a device. You can select the installation mode, that is, whether confirmation is needed. If you select the confirmation mode, the device asks you whether to install the IPS signature database before the upgrade is performed.

        Switching from the old IPS signature database to the new one affects intrusion detection. Confirm the installation when the service traffic volume is low.

        • Installation after confirmation
          1. Run update confirm ips-sdb enable

            The installation confirmation function is enabled. The upgrade file downloaded at a fixed time will be installed after confirmation.

            By default, the manual confirmation of database installation is disabled. That is, the device automatically installs the upgrade files after downloading them.

          2. Run update apply ips-sdb

            The downloaded upgrade file is installed.

        • Installation without the need of confirmation

          Run undo update confirm ips-sdb enable

          The installation confirmation function is disabled. The upgrade file downloaded at a fixed time will be installed automatically without confirmation.

    6. (Optional) Immediate upgrade

      Generally, scheduled upgrade meets service requirements. However, if new intrusion behaviors occur on the network before the scheduled update time is reached, you can perform an immediate upgrade.

      1. Run update online ips-sdb

        The IPS signature database is upgraded immediately.

      2. Run update apply ips-sdb

        The downloaded upgrade file is installed.

  • Terminate upgrade

    If the update occupies too many network resources, you can run the following command to terminate the update.

    NOTE:

    The update can be terminated only during file downloading.

    1. Run system-view

      The system view is displayed.

    2. Run update abort

      The upgrade is terminated.

  • Version rollback

    If an error occurs after the update or the new IPS signature database does not meet your requirements, use this command to roll back the database.

    NOTE:

    Before the version rollback, you are advised to run the display version ips-sdb command to view the information about the rollback version. Then, you can choose whether to perform the version rollback. If no rollback version is available, the version rollback fails. The version in the device remains unchanged.

    1. Run system-view

      The system view is displayed.

    2. Run update rollback ips-sdb

      The IPS signature database version is rolled back to the last version.

  • Local upgrade

    1. Run system-view

      The system view is displayed.

    2. Run update local ips-sdb file filename

      The IPS signature database is upgraded locally.

      NOTE:
      Terminating the upgrade is not supported in the offline upgrade.

  • Version Restore

    NOTE:

    If the signature database is restored to the factory default version, all other versions on the device are deleted.

    1. Run system-view

      The system view is displayed.

    2. Run update restore sdb-default ips-sdb

      The IPS signature database is restored to the factory default version.

Verify the update result

  • Run the display engine information command to view the status of engines and the version of all signature databases.
  • Run the display version ips-sdb command to view version information of the IPS signature database.
  • Run the display update status command to view the update status.
  • Run the display update configuration command to view the update configuration.
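
The scheduled online upgrade with installation confirmation, followed by verification and a rollback, put together as one session. This is an added example, not part of the original guide; the prompts (<Huawei>, [Huawei]), the DNS server address 192.0.2.53, the 06:00 time format, and the # comment lines are assumptions.

```text
# --- Online upgrade, scheduled, install only after confirmation ---
<Huawei> system-view

# Let the device resolve the default update server name sec.huawei.com.
# 192.0.2.53 is a placeholder DNS server address.
[Huawei] dns resolve
[Huawei] dns server 192.0.2.53

# Download daily at a low-traffic time instead of the random
# 22:00-08:00 default. The hh:mm time format is assumed.
[Huawei] update schedule ips-sdb enable
[Huawei] update schedule daily 06:00

# Do not install automatically after download (the default behavior);
# wait for an operator to apply the file.
[Huawei] update confirm ips-sdb enable

# --- Later, once the scheduled download has run ---
# Check the download state, then install during low service traffic.
[Huawei] display update status
[Huawei] update apply ips-sdb

# --- Verify the result ---
[Huawei] display version ips-sdb
[Huawei] display engine information
[Huawei] display update configuration

# --- If the new database causes problems ---
# Confirm that a rollback version exists before rolling back.
[Huawei] display version ips-sdb
[Huawei] update rollback ips-sdb
```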
Updated: 2019-08-07

Document ID: EDOC1100034077
