< Home

Configuring Application Behavior Control

This section describes how to configure application behavior control.

Context

The FW has a default profile named default for application behavior control, which defines the default action for each application behavior, as shown in the following figure. You cannot modify or delete the default profile.

When you reference a profile in a security policy, you can view the name of the default profile in the drop-down list. To view the configuration result, choose System > Configuration File Management. In Current Configuration, you can view that the security policy references the default profile, but the configuration information about the default profile is not displayed.

Table 1 Default profile for application behavior control

Name

Protocol

Application Behavior

Default Action

default

HTTP

POST

Permit

Web Browsing

Permit

Proxy

Permit

File Upload

Deny

File Download

Permit

FTP

File Upload

Permit

File Download

Permit

File Deletion

Permit

IM

Login to QQ

Permit

The FW supports user-defined profiles. You can specify the action for each protocol. To implement differentiated management of application behavior, you need to configure multiple application behavior control profiles. Set the parameters in each profile according to your requirements on application behavior control.

Procedure

  1. Choose Object > Security Profiles > Application Behavior Control.
  2. Click Add.
  3. Configure the application behavior control profile.

    Parameter

    Description

    Name

    Name of the application behavior control profile

    Description

    Description of the application behavior control profile. To clearly describe the usage of application behavior control profiles, you are advised to enter a meaningful description for each application behavior control profile.

    HTTP Behavior Control

    HTTP POST

    The POST method of HTTP is commonly used to send information to the server through web pages. For example, you are using this method when you post on BBS, submit forms, and use your user name and password to log in to a specific system.

    You can set alert threshold a and block threshold b to limit the size of the posted content if HTTP POST is allowed.

    HTTP Web Browsing

    You can use a web browser to browse web pages.

    HTTP Proxy

    You can use a proxy server to access specified websites. To implement this function, you must deploy the FW between the intranet and the proxy server.

    HTTP File Upload

    You can set alert threshold a and block threshold b to limit the size of the upload file if file upload is allowed.

    HTTP File Download

    You can set alert threshold a and block threshold b to limit the size of the download file if file download is allowed.

    This control option is used to control file download through HTTP. However, dedicated download software such as BT and eMule selected on the file download page cannot be controlled.

    FTP Behavior Control

    FTP File Upload

    You can set alert threshold a and block threshold b to limit the size of the upload file if file upload is allowed.

    FTP File Download

    You can set alert threshold a and block threshold b to limit the size of the download file if file download is allowed.

    FTP File Deletion

    You can delete a file from the FTP server.

    IM Behavior Control

    QQ Login

    You can control QQ login behavior.

    Whitelist

    You can configure QQ account whitelists.

    Blacklist

    You can configure QQ account blacklists.

    a: When the size of the upload or download file or the size of the posted content hits the alert threshold, the system generates a log to notify the device administrator.

    b: When the size of the upload or download file or the size of the posted content hits the block threshold, the system blocks the upload or download file or POST operation and generates a log to notify the device administrator.

    NOTE:

    By default, the alert threshold and block threshold are not configured to limit the sizes of upload and download files or the size of the posted content.

    You can configure the alert threshold, the block threshold, or both. If you configure both the alert threshold and block threshold, the alert threshold must be less than the block threshold.

  4. Click OK.
  5. Reference the application behavior control profile in the security policy.

    For details on how to configure the security policy, see Configuring a Security Policy.

  6. Click Commit.

    The configuration does not take effect immediately after you create or modify the profile. You must click Commit on the upper right of the interface to apply the configuration. To save time, you can commit the configuration after all operations on the profile are complete.

Follow-up Procedure

Check or release the reference between the security policy and profile.

  1. To check for profile that is referenced by security policies, click View under References in the list of profile.

  2. To release the reference between the security policy and profile, choose the security policy and click Release.

    Click Release All, you can release all the references.

Parent Topic: Configuring Application Behavior Control Using the Web UI
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
Next topic >