Auditing the Use of QQ
The audit function is enabled on the FW to audit the use of QQ.
Faced Problems
As shown in Figure 1, an enterprise deploys the FW as a gateway to connect the intranet to the Internet.
Intranet users use the QQ software for chatting, affecting the working efficiency and even brings about legal risks. In case of a security event, the owner cannot be located or traced.
Solution
With the audit function, the FW audits the use of QQ, facilitating the locating and tracing of users and providing the basis for tuning security policies in the future.
Configure an audit policy based on the traffic sent from intranet users to access the Internet and reference the audit profile in the audit policy to audit the use of QQ.
Click Add to create audit profile profile_audit and select IM Behavior Audit to audit Login and Logout.
- Click OK.
Click Add to create an audit policy. Configure matching conditions for the audit policy as required and reference the audit profile in the audit policy.
Set audit policy parameters. The referenced user group named users has been created.
Name policy1 Source zone trust Destination zone untrust Source Address/Region 192.168.0.0/255.255.255.0 User /default/users Action Audit Audit Configuration profile_audit - Click OK.
Verification
Choose . You can find the logs generated when the FW audits the use of QQ.
Configuration Scripts
The configuration script related to the example is as follows:
# profile type audit name profile_audit im-audit qq online im-audit qq offline # audit-policy rule name policy1 source-zone trust destination-zone untrust source-address 192.168.0.0 mask 255.255.255.0 user user-group /default/users action audit profile profile_audit #