The scheduling center (sec.huawei.com) provides multiple remote query services, such as URL category query and file reputation query. To obtain a remote query service, you must set the corresponding parameters on the FW correctly.
To use remote query services, ensure that:
The DNS server address is set, and the DNS server can correctly resolve the domain name sec.huawei.com.
A security policy has been configured to permit the user-defined service traffic described below (TCP port 443 to the scheduling center, TCP port 12612 to the dispatch server, and UDP port 12600 to the query server) to pass through the FW.
If the remote query service works in local query mode, the ports of the dispatch and query servers may have been changed manually. In that case, adjust the corresponding security policies accordingly.
The FW has multiple features that use the remote query service, such as URL remote query and file reputation remote query. These features share the same mechanism and configuration method but function independently of each other.
Generally, the remote query service is provided jointly by the scheduling center, a dispatch server, and a query server. The functions of these devices are as follows:
Scheduling center: authenticates the FW. If the authentication succeeds, the scheduling center provides the FW with the address and port of the dispatch server in the country or region where the FW resides.
To enable the FW to interact with the scheduling center, configure a security policy on the FW that permits the related traffic, with the protocol set to TCP and the destination port number set to 443.
Dispatch server: provides the FW with the addresses and ports of the query servers in the region where the FW resides. Dispatch servers are deployed by region, so the country information on the FW must be configured correctly; otherwise, the addresses and port numbers of the dispatch servers cannot be obtained.
To enable the FW to interact with a dispatch server, configure a security policy on the FW that permits the related traffic, with the protocol set to TCP and the destination port number set to 12612.
Query server: processes query requests and returns the query results to the FW. Query servers are also deployed by region and are mapped to dispatch servers. A dispatch server provides the FW with the address and port number of the query server in the same region.
To enable the FW to interact with a query server, configure a security policy on the FW that permits the related traffic, with the protocol set to UDP and the destination port number set to 12600.
From the preceding description it follows that the FW can communicate with the scheduling center only when it is connected to the Internet. However, the FWs of some users cannot connect to the Internet. If these users need the remote query service, they can purchase Huawei SecoCenter and deploy it on the local network. The SecoCenter integrates the dispatch and query servers. For details, see its product manual.
Based on the server deployment location, the FW supports two remote query modes, namely, the remote and local modes.
In remote mode, the FW communicates with the scheduling center. The dispatch server forwards query requests to the query server in the corresponding country or region based on the country information configured on the FW.
In local mode, the FW communicates with the SecoCenter instead of the scheduling center.
Configure the status of remote query.
cloud-query remote { file-reputation | url } enable
By default, file reputation remote query and URL remote query are enabled.
Set the deployment mode of the dispatch server to remote mode.
undo cloud-query dispatch-server { file-reputation | url }
By default, the dispatch server is deployed in remote mode.
Set the country where the FW resides.
country country-code
By default, the country where the FW resides is not set.
This item must be set when the Query Mode of the URL remote query service is set to remote mode. If the country information is not configured, or the configured country is inconsistent with the actual location of the FW, the URL remote query service is unavailable. In addition, this item must be configured when the user experience plan or the cloud sandbox function is configured.
Configure the IP address of a DNS server.
dns server ip-address
Obtain the IP address of the DNS server from your carrier.
Configure the domain name of the scheduling center.
dns domain domain-name
The default domain name of the scheduling center is sec.huawei.com.
Set the deployment mode of the dispatch server to local mode.
cloud-query dispatch-server { file-reputation | url } local ip ip-address [ port port-number ]
By default, the dispatch server is deployed in remote mode. The default port-number of the dispatch server is 12612.
Run the display cloud-query configuration command in any view to query the global configurations of remote query, check whether the related configurations have been delivered correctly, and check whether the remote query service is running properly.
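Putting the server-role descriptions and the configuration steps above together, the following is an added end-to-end example; it is not from the original page or from Huawei's own documentation. It creates one user-defined service covering the three flows (TCP 443 to the scheduling center, TCP 12612 to the dispatch server, UDP 12600 to the query server), permits only those flows from the FW itself to the Internet-facing zone, and then sets the DNS, country and cloud-query parameters in the order the steps above give them. The ip service-set and security-policy/rule name syntax and the zone name untrust are assumptions in USG6000 style; the DNS server address 192.0.2.53, the country code CN and the SecoCenter address 10.10.10.10 are constructed placeholders to replace with your own values; lines starting with # are annotations.

```text
# Added example (not from the original page); assumptions are noted in the lead-in.
system-view
#
# 1. User-defined service covering the three remote query flows (ports as stated on the page)
ip service-set cloud_query_svc type object
 service 0 protocol tcp destination-port 443     # FW -> scheduling center (sec.huawei.com)
 service 1 protocol tcp destination-port 12612   # FW -> dispatch server
 service 2 protocol udp destination-port 12600   # FW -> query server
 quit
#
# 2. Security policy: permit only these flows, from the FW itself (local zone) to the Internet zone.
#    Keeping the service narrow avoids opening a broad local->untrust permit.
security-policy
 rule name permit_cloud_query
  source-zone local
  destination-zone untrust          # assumption: the Internet-facing zone is named untrust
  service cloud_query_svc
  action permit
 quit
 quit
#
# 3. DNS so that sec.huawei.com can be resolved (192.0.2.53 is a constructed placeholder)
dns server 192.0.2.53
dns domain sec.huawei.com
#
# 4. Country information, required for remote-mode URL query (CN is a placeholder code)
country CN
#
# 5. Remote query enabled and dispatch server in remote mode (both are the defaults, shown explicitly)
cloud-query remote url enable
cloud-query remote file-reputation enable
undo cloud-query dispatch-server url
undo cloud-query dispatch-server file-reputation
#
# Alternative for sites without Internet access: point at a local SecoCenter instead.
# (10.10.10.10 is a constructed placeholder; omit "port" if the default 12612 is used.)
# cloud-query dispatch-server url local ip 10.10.10.10 port 12612
# cloud-query dispatch-server file-reputation local ip 10.10.10.10 port 12612
#
# 6. Verify that the configuration was delivered and the service is running
display cloud-query configuration
```

If you switch to local mode, the security policy must change with it: the destination becomes the SecoCenter address, the dispatch and query ports must match whatever was set on the SecoCenter, and the TCP 443 entry for the scheduling center is no longer needed, since in local mode the FW does not contact sec.huawei.com at all.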