The original DPI file of the USG2110-F is 18.104.22.168. After configuring IM blocking, perform tests. Tencent QQ and MSN cannot be used, while the Real Time Exchange (RTX) can be used, meeting test requirements. After the DPI file is upgraded to 22.214.171.124, Tencent QQ, RTX, and MSN cannot be used.
1.2 Fault symptom
The customer deploys a USG2210 of V100R005C00SPC500 and upgrades it to V100R005C00SPC700. The DPI file (sam_new.rul) of version 126.96.36.199 is automatically imported to hda1: on the USG2210. After the customer completes P2P rate limit and IM blocking tests, all functions are normal, and the RTX required by customer for work can be properly used. After the customer upgrades the USG2110-F of V100R005C00SPC500 to V100R005C00SPC700, the DPI file is not imported on the USG2110-F although the USG2110-F is configured with the automatic download function. Then the customer downloads the DPI file of version 188.8.131.52 from the Huawei Symantec security platform, and performs tests. Tencent QQ and MSN cannot be used, meeting test requirements. However, the RTX cannot be used.
After knowing the fault, first advise the customer to disable IM blocking and perform tests. If QQ, MSN, and RTX can be used, the fault is caused by IM blocking configured on the device. Then advise the customer to roll back the DPI version 184.108.40.206 to 220.127.116.11. Tencent QQ and MSN cannot be used, but the RTX can be used. This indicates that the protocol used by the RTX matches the feature fields in the DPI file. However, the RTX category is not found in the IM blocking categories. Ask R&D to help establish an environment. Test the RTX and capture packets. It is analyzed that the RTX uses a protocol same as the QQ_Wireless. The customer also configures QQ_Wireless blocking during the IM blocking configuration. As a result, the RTX is blocked. Inform the customer to cancel QQ_Wireless blocking and perform tests. Confirm with the customer that the fault is rectified.
Establish an RTX usage environment and capture packets transmitted when the RTX is used. It is analyzed and confirmed that the RTX uses a protocol same as the QQ_Wireless protocol (used by mobile QQ) under the IM category in the 18.104.22.168 knowledge library. That is, the RTX and mobile QQ use the same protocol for communication. However, QQ_Wireless blocking is configured on the device. As a result, the RTX is blocked.
Use simple methods to quickly locate the fault based the fault symptom, repeat tests, locate the root cause, and provide feasible solutions to the root cause.