< Home

Limitations and Precautions for Data Filtering

Read limitations and precautions before configuring data filtering.

Hardware Requirements

The data filtering function is supported by all models.

License Requirements

The data filtering function is not license-controlled.

Component package Requirements

The data filtering function is dependent on the content security component package. However, it does not require the content security component package be manually loaded. The content security component package is directly placed in the software package and automatically loaded during device startup.

Limitations

  • Data filtering does not apply to embedded files.
  • Data filtering by file attribute does not apply to office documents.
  • Data filtering does not apply to encrypted files.
  • Data filtering does not apply to resumable upload or download.
  • The data filtering function is not available in networking environments where the forward and return paths of packets are different.
  • Data filtering supports IPv4 and IPv6.
  • To filter the content of HTTPS traffic, configure SSL-encrypted traffic detection. For details, see SSL-Encrypted Traffic Detection.
  • The FTP application data filtering function of the FW takes effect only when the FTP server port is 21.

Precautions

  • If the FW is deployed between two routers, and the routers detect each other through BFD, you are advised to properly prolong the BFD time (longer than 100 ms is recommended) to prevent BFD flapping resulting from occasional network congestion.
  • During data filtering, if the data or application protocol contains the blocked field, the FW blocks the data. If the first packet returned by the file server contains the blocked field, the FW pushes a notification page. The function of pushing the notification page depends on the request and response mechanism of the file server. If the first packet returned by the file server does not contain the blocked field, the FW does not push the notification page.
  • The predefined keyword "mobile number" supports the following number segments:
    • Mobile numbers of China Mobile: number segments 134 (excluding 1349), 135, 136, 137, 138, 139, 147, 150, 151, 152, 157, 158, 159, 178, 182, 183, 184, 187, and 188 are supported. To add a number segment, configure it as a user-defined keyword.
    • Mobile numbers of China Unicom: number segments 130, 131, 132, 145, 155, 156, 175, 176, 185, and 186 are supported. To add a number segment, configure it as a user-defined keyword.
    • Mobile numbers of China Telecom: number segments 133, 1349, 153, 173, 177, 180, 181, 189, and 199 are supported. To add a number segment, configure it as a user-defined keyword.
Parent Topic: Data Filtering
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >