< Home

Verification and Check

This section describes the verification and check operations after the application behavior control feature is configured.

Verification

After configuring the application behavior control feature, you can do as follows to check the configuration result.

Operation

Command

View information about the application behavior control profile.

display profile type app-control [ name name [ protocol { http | ftp | im } ] ]

After configuring the application behavior control feature, you can do as follows to view or clear statistics:

Operation

Command

View application behavior control statistics.

display app-control statistics [ slot slot-id cpu cpu-id ]

Clear application behavior control statistics.

reset app-control statistics [ slot slot-id cpu cpu-id ]

Viewing Logs

After referencing the application behavior control profile, the FW checks traffic that matches the security policy. When detecting HTTP, FTP or QQ login behavior, the FW takes the action specified in the application behavior control profile and generates a log. The following log is generated after an FTP file download behavior is blocked.

APPCTL/4/BEHAVIORCTL(l)[0]:The application behavior control policy was matched. (SyslogId=1, VSys="public",
 Policy="policy1", SrcIp=192.168.0.2, DstIp=192.168.1.2, SrcPort=59146, DstPort=21, SrcZone=trust
, DstZone=untrust, User="user01", Protocol=TCP, Application="FTP", Profile="profile_appctl", Direction=download,
 Behavior="FTP File Download", Action=Block)

The following table describes the meanings of each field.

Field

Description

SyslogId

Log ID

VSys

Name of the virtual system

Policy

Name of a security policy

SrcIp

Source IP address of packets

DstIp

Destination IP address of packets

SrcPort

Source port of packets

DstPort

Destination port of packets

SrcZone

Source security zone of packets

DstZone

Destination security zone of packets

User

User name

Protocol

Protocol name

Application

Application name

Profile

Profile name

Direction

File transfer directions:

  • Upload
  • Download

Behavior

User application behaviors:

  • HTTP file upload
  • HTTP file download
  • HTTP posting
  • Internet access through HTTP proxy
  • HTTP web browsing
  • Size of the HTTP file to be uploaded
  • Size of the HTTP file to be downloaded
  • FTP file upload
  • FTP file download
  • FTP file deletion
  • Size of the FTP file to be uploaded
  • Size of the FTP file to be downloaded
  • Login to QQ

Action

Actions for application behavior control events:

  • Alert
  • Block
Parent Topic: Configuring Application Behavior Control Using the CLI
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic