< Home

Configuring File Decompression

The FW supports filtering a decompressed file based on file content. You can set the decompression layers and the size of a decompressed file. The FW can process oversized decompression files and the files with multiple decompression layers.

Context

The FW detects compressed file by flow and implements decompression and content security detection simultaneously. If a data flow contains threat information, the FW processes the flow based on the content security configuration. If the data flow is secure and the decompression depth of a file or file size exceeds the specified value, the FW will take the action for the situation in which the maximum decompression depth or the maximum file size is exceeded:

  • Allow: Allows the file transfer. This is the default action.

  • Alert: Allows the file transfer and generates a log.

  • Block: Blocks the file transfer and generates a log.

  • Because the device does not support the block action for NFS, if the application is NFS and the action is block, the device will take the alert action.

  • If the application is IMAP or POP3 and the action is block, the device will delete attachments.

Procedure

  1. Access the system view.

    system-view

  2. Set the maximum decompression layer for file.

    file-frame decompress depth decompress-depth

    By default, the maximum number of decompression layers is 3.

  3. Set the action for the decompressed files with more than the specified decompression layers.

    file-frame decompress depth action { alert | allow | block }

    The default action is allow for the files exceeding the specified maximum decompression layers.

  4. Set the maximum size of decompressed files.

    file-frame decompress size file-size

    By default, the maximum file size is 100 MB.

    For the compressed files in 7ZIP and RAR formats, the maximum decompression file size of the USG6510E/6510E-POE is 1M, and the maximum value of this parameter can only be set to 1M. The default maximum decompression file size of other models except the preceding models is 10M, and the maximum value of this parameter can only be set to 10M.

  5. Set the action for the decompressed files larger than the maximum file size.

    file-frame decompress size action { alert | allow | block }

    The default action is allow when the maximum file size is exceeded.

  6. Commit the configurations for compilation.

    engine configuration commit

    After you configure file decompression, the configurations do not take effect until you run the engine configuration commit command to commit them. To save time, you can submit the configuration after all operations on the profile and global configurations are complete.

Parent Topic: Configuring Global IAE Parameters Using the CLI
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >