No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Fat AP and Cloud AP V200R010C00 Command Reference

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
cnc domain-filter enable

cnc domain-filter enable

Function

The cnc domain-filter enable command enables the domain name-based filtering function.

The undo cnc domain-filter enable command disables the domain name-based filtering function.

Format

cnc domain-filter enable [ action { alert | block } ]

undo cnc domain-filter enable

Parameters

Parameter Description Value
action Indicates the action.

-

alert

Indicates that the device permits packets matching a malicious domain name, but generates an alarm and logs the event.

-

block

Indicates that the device discards packets matching a malicious domain name and logs the event.

-

Views

Intrusion prevention profile view

Default Level

2: Configuration level

Usage Guidelines

By default, domain name-based filtering is disabled.

After domain name-based filtering is enabled, the default action is alert for packets matching the specified condition. After running cnc domain-filter enable to enable the function or undo cnc domain-filter enable to disable the function, run engine configuration commit to commit the configuration change to apply it.

The domain name-based filtering function enables the device to filter out packets using the malicious domain name signature database. Upon receiving a packet matching a malicious domain name, the device implements the specified action and logs the threats for auditing and troubleshooting.

Example

# In IPS profile profile1, enable domain name-based filtering and set action to block.

<Huawei> system-view
[Huawei] profile type ips name profile1
[Huawei-profile-ips-profile1] cnc domain-filter enable action block
[Huawei-profile-ips-profile1] quit
[Huawei] engine configuration commit
Translation
Download
Updated: 2019-11-21

Document ID: EDOC1100064352

Views: 195038

Downloads: 118

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next