< Home

Verification and Check

This section describes the verification and check operations after the file blocking feature is configured.

Verification

After configuring the file blocking feature, you can do as follows to check the configuration result:

Action

Command

Display the application categories that file blocking supports.

display file-block application

Display the response actions for file identification exceptions.

display file-block global-configuration

Display the predefined file types that file blocking supports.

display file-block pre-defined-type

Display the information about file blocking profiles.

display profile type file-block [ name name [ rule-name rule-name ] ]

After configuring the file blocking feature, you can do as follows to view or clear statistics:

Action

Command

Display the file blocking statistics.

display file-block statistics [ slot slot-id cpu cpu-id ]

Clear the file blocking statistics.

reset file-block statistics

Viewing Logs

After referencing the file blocking profile in the security policy, the FW checks the files matching the security policy. If a transferred file matches a file blocking rule, a content log is generated.

The following is an example of a content log (file blocking).

DLP/4/FILEBLOCK(l): An illegitimate file was transmitted. (SyslogId=100, 
VSys="test_vsys", Policy="test_policy", SrcIp=192.168.0.1, DstIp=172.16.99.2, 
SrcPort=2312, DstPort=80, SrcZone=Trust, DstZone=Untrust, User="test_user", Protocol=TCP, 
Application="HTTP", Profile="test_profile", Direction=download, FileName="test.doc", 
FileType="word2003file", Action=alert)

The following table lists the fields in a content log.

Field

Description

syslog-id

Log ID

vsys-name

Name of the virtual system

policy-name

Name of the security policy

source-ip

Source IP address of packets

destination-ip

Destination IP address of packets

source-port

Source port of packets (the value is 0 for ICMP packets)

destination-port

Destination port of packets (the value is 0 for ICMP packets)

source-zone

Source security zone of packets

destination-zone

Destination security zone of packets

user-name

User name

protocol

Protocol of the packets matching the signature

application-name

Protocol that carries the packets

profile-name

Profile name

direction

File transfer direction

file-name

Name of the filtered file

file-type

File type

action

Action for the signature

  • Alert
  • Block
Parent Topic: Configuring File Blocking Using the CLI
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic