< Home

action (flow probe policy rule view)

Function

The action command sets an action in a flow probe policy rule.

Format

action probe { network-layer | application-layer }*

action no-probe

Parameters

Parameter Description Value

network-layer

Collects network-layer and transport-layer information of traffic.

NOTE:

All models except USG6635E/6655E, USG6680E and USG6712E/6716E support this parameter.

-

application-layer

Collects application-layer information of traffic.

-

no-probe

Collects no traffic information.

-

Views

Flow probe policy rule view

Default Level

2: Configuration level

Usage Guidelines

If you specify network-layer application-layer or application-layer network-layer in this command, both non-encrypted and encrypted traffic can be collected. During the collection of encrypted traffic, the Encrypted Communication Analytics (ECA) function is used. This function does not need to decrypt traffic. Instead, it collects SSL protocol negotiation information, packet statistics information, and DNS and HTTP protocol information of the traffic. Then it sends the information to the HiSec Insight in metadata format. The HiSec Insight analyzes and assesses the information to identify malicious encrypted traffic.

Example

# Set the response action of flow probe policy rule policy_probe to network-layer.

<sysname> system-view
[sysname] flow-probe-policy
[sysname-policy-probe] rule name policy_probe
[sysname-policy-probe-rule-policy_probe] action probe network-layer
Parent Topic: Flow Probe Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
Next topic >