
deception security-policy-deny enable

Function

The deception security-policy-deny enable command enables the security-policy-deny deception function.

The undo deception security-policy-deny enable command disables the security-policy-deny deception function.

Format

deception security-policy-deny enable

undo deception security-policy-deny enable

Parameters

None

Views

Deception view

Default Level

2: Configuration level

Usage Guidelines

The security-policy-deny deception function is disabled by default.

After the security-policy-deny deception function is enabled, the DecoySensor analyzes the SYN packets and ping packets whose destination or source IP addresses are in the detected network segment. If the number of port scans sent from the same source address reaches the threshold and the security policy of the DecoySensor denies forwarding of the traffic, the DecoySensor performs the following operations:
  • If the Decoy supports the corresponding service request, the traffic is redirected to the Decoy for in-depth interactive detection.
  • If the Decoy does not support the corresponding service request, the packets are discarded.

The security-policy-deny deception function takes effect only after the deception function is enabled using the deception enable command.
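The decision flow described above, as a small Python model (an added example, not Huawei code and not part of the original page). The threshold value, the per-source counter, the segment, the Decoy service list, and the action labels are assumptions made for illustration.

```python
from collections import Counter
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class SensorModel:
    detect_segment: str               # assumed detected network segment
    decoy_ports: frozenset            # assumed services the Decoy supports
    threshold: int = 3                # assumed; the page gives no value
    deception_enabled: bool = True    # models "deception enable"
    policy_deny_enabled: bool = True  # models "deception security-policy-deny enable"
    probes: Counter = field(default_factory=Counter)

    def handle(self, src, dst, dport, policy_permits):
        """Return the modelled action for one SYN packet."""
        net = ip_network(self.detect_segment)
        active = self.deception_enabled and self.policy_deny_enabled
        analysed = active and (ip_address(src) in net or ip_address(dst) in net)
        if analysed:
            self.probes[src] += 1     # assumption: every analysed SYN counts as a scan
        if policy_permits:
            return "forward"          # permitted traffic is outside this command's scope
        if not analysed or self.probes[src] < self.threshold:
            return "policy-deny"      # ordinary deny, no deception
        return "redirect-to-decoy" if dport in self.decoy_ports else "discard"


def replay(sensor, packets):
    """Feed constructed packets through the model and collect the actions."""
    return [sensor.handle(*p) for p in packets]


# Constructed sample: (src, dst, dport, policy_permits)
SAMPLE = [
    ("192.0.2.10", "10.1.1.5", 21, False),
    ("192.0.2.10", "10.1.1.5", 22, False),
    ("192.0.2.10", "10.1.1.5", 23, False),    # third probe: threshold reached
    ("192.0.2.10", "10.1.1.5", 80, False),
    ("192.0.2.20", "10.1.1.5", 22, False),    # different source, below threshold
    ("192.0.2.10", "172.16.0.9", 22, False),  # outside the detected segment
]

if __name__ == "__main__":
    sensor = SensorModel("10.1.1.0/24", frozenset({22, 80}))
    for pkt, act in zip(SAMPLE, replay(sensor, SAMPLE)):
        print(pkt, "->", act)
```
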

Example

# Enable the security-policy-deny deception function.

<FW> system-view
[FW] deception
[FW-deception] deception security-policy-deny enable
Copyright © Huawei Technologies Co., Ltd.