No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Data Filtering Is Configured But Does Not Take Effect

Publication Date:  2019-01-24 Views:  62 Downloads:  0
Issue Description

The data filtering function is configured on the NGFW to block the transmission of packets containing specific keywords between security zones. However, the traffic that should be blocked can still be transmitted normally.

Handling Process

Cause 1: Traffic does not match the expected security policy.

1. Choose Monitor > Log > Policy Matching Log.

2. Click Advanced Search in the upper right corner and specify the source user and application.

Source user: name of the user account used by the administrator for testing, for example, User0001.

Application: name of the protocol or application program used by the administrator for testing

3. Click Search.

4. In the displayed security policy log, check whether the test traffic matches the expected security policy.

If not, choose Policy > Security Policy > Security Policy to adjust the sequence or parameters of the security policy.

If so, go to cause 2.

Cause 2: The security policy does not reference any data filtering profile or references an incorrect data filtering profile.

1. Click the name of the security policy queried in step 1. On the Modify Security Policy page, you can view the data filtering profile referenced by the security policy.

If the security policy does not reference any data filtering profile or references an incorrect data filtering profile, select the data filtering profile planned for this security policy.

If the security policy references the correct data filtering profile, go to cause 3.

Cause 3: The conditions of data filtering rules are incorrectly configured.

1. Click Configure on the right side of Data Filtering.

2. On the Modify Data Filtering Profile page, check whether the conditions of the data filtering rules are correct.

Check whether the application, file type, and direction of each rule can match all files to be blocked.

If the conditions of the data filtering rules are incorrect, modify the rules.

If the conditions of the data filtering rules are correct, go to cause 4.

Cause 4: The keyword group does not contain the keyword to be filtered.

1. Choose Object > Keyword Group.

2. Click the keyword group referenced by the data filtering profile to check whether the user-defined and predefined keywords in the keyword list contain the content that needs to be filtered.

If not, modify the configuration of the keyword group so that the keyword group contains the content that needs to be filtered.

If so, go to cause 5 or 6.

Cause 5: The action of the matched data filtering rule is Alert.

1. On the Modify Data Filtering Profile page, check the actions of the data filtering rules.

If the action of the matched rule is Alert, and the setting complies with the planning, the file transfer is allowed but a log is recorded accordingly.

If the action of the matched rule is Alert, but the planned action is Block or Operate by Weight, you need to change the action of the rule.

Cause 6: The action of the data filtering rule is Operate by Weight, but the weight of the keyword is smaller than the block threshold.


Note: Adjusting the block threshold and keyword weight requires repeated testing and adjustment.


1. Choose Object > Security Profile > Data Filtering to view the block threshold. If the value is too large, set the block threshold to a smaller value.

2. Choose Object > Keyword Group to view the keyword weight. If the value is too small, increase the weight.

Root Cause

Cause 1: Traffic does not match the expected security policy.

Cause 2: The security policy does not reference any data filtering profile or references an incorrect data filtering profile.

Cause 3: The conditions of data filtering rules are incorrectly configured.

Cause 4: The keyword group does not contain the keyword to be filtered.

Cause 5: The action of the matched data filtering rule is Alert.

Cause 6: The action of the data filtering rule is Operate by Weight, but the weight of the keyword is smaller than the block threshold.

END