
Configuring Cloud Access Security Awareness

This section describes how to configure cloud access security awareness.

Prerequisites

Ensure that the service awareness signature database has been loaded on the FW and upgrade it to the latest version. For details on how to upgrade the service awareness signature database, see Update Center.

Context

The FW has a default cloud access security awareness profile named default. The default profile defines the default value for each behavior of each cloud app. The default profile cannot be modified or deleted.

You can run the display profile type casa name default command on the CLI to view the configuration of the default profile. If you use the CLI to reference the default profile in a security policy, you must enter the complete profile name (such as default); otherwise, the profile fails to be referenced. To check the result, run the display current-configuration command. The output shows that the security policy references the default profile, but the configuration of the default profile itself is not displayed.

The FW supports user-defined profiles. You can set different actions for the behavior of each application to meet the fine-grained and differentiated control requirements.

Procedure

  1. Create a cloud access security awareness profile in the system view.

    profile type casa name name

  2. Optional: Configure a description for the cloud access security awareness profile.

    description description

  3. Configure actions for cloud applications.

    application name name action { alert | allow | block }

    Set actions for different behavior of cloud applications. The supported actions include:
    • Allow: permits packets.

    • Alert: permits packets and generates logs.

    • Block: blocks packets and generates logs.

  4. Reference the cloud access security awareness profile in the security policy.

    For details on how to configure the security policy, see Configuring a Security Policy.

  5. Return to the system view and commit the profile.

    engine configuration commit

    The new or modified security profile does not take effect until you run the engine configuration commit command to commit the configuration. To save time, you can commit changes after all changes are made.
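
The following check is an added example, not Huawei code: a small Python linter for a planned command list, run before the commands are typed into the CLI. It assumes the commands follow exactly the syntax shown in steps 1 to 5; lint_casa is a hypothetical helper name, and the profile and application names in the sample are constructed placeholders.

```python
import re

ACTIONS = {"alert", "allow", "block"}  # actions listed in step 3
PROFILE_RE = re.compile(r"^profile type casa name (\S+)$")
APP_RE = re.compile(r"^application name (\S+) action (\S+)$")
COMMIT = "engine configuration commit"

def lint_casa(script):
    """Return (level, line_no, message) findings for a planned command list."""
    findings, profile, dirty = [], None, False
    for no, raw in enumerate(script.splitlines(), 1):
        line = raw.strip()
        if m := PROFILE_RE.match(line):
            profile = m.group(1)
            # Creating or entering a user-defined profile counts as a change.
            dirty = dirty or profile != "default"
        elif m := APP_RE.match(line):
            app, action = m.groups()
            dirty = True
            if profile is None:
                findings.append(("error", no, "application line outside a profile"))
            elif profile == "default":
                findings.append(("error", no, "the default profile cannot be modified"))
            elif action not in ACTIONS:
                findings.append(("error", no, f"unknown action {action!r} for {app}"))
            elif action == "allow":
                # Per the page, only alert and block generate logs.
                findings.append(("note", no, f"{app}: allow permits packets without a log"))
        elif line == COMMIT:
            dirty = False
    if dirty:
        findings.append(("warn", 0, "no commit after the last change; it will not take effect"))
    return findings

# Constructed sample: names are placeholders, "deny" is a deliberate mistake.
SAMPLE = """\
profile type casa name casa_office
 description Constructed example profile
 application name ExampleStorage action alert
 application name ExampleMail action allow
 application name ExampleShare action deny
quit
"""

if __name__ == "__main__":
    for level, no, msg in lint_casa(SAMPLE):
        print(f"{level:5} line {no}: {msg}")
```

The note on allow is informational: it marks applications whose traffic will leave no log entry under this profile.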

Follow-up Procedure

After configuring the cloud access security awareness profile, adjust it as follows:

  • Run the rename new-name command in the cloud access security awareness profile view to rename the profile.
  • In the system view, run the profile type casa copy old-name [ new-name ] command to create a profile by copying an existing one.
Copyright © Huawei Technologies Co., Ltd.