Limitations and Precautions for Global IAE Configuration

Hardware Requirements

The global IAE configuration is supported by all models.

License Requirements

The URL remote query function is URL remote query license-controlled. For details about the license control scopes, see the License Control Items.

Component package Requirements

To use the URL remote query function, you need to load the URL remote query component package. For details about the component package, see Dynamic Loading.

Limitations

• The HTTP protocol decoding of the IAE engine supports only HTTP1.0/HTTP1.1, but not HTTP2.0. Therefore, content security features, including intrusion prevention, antivirus, URL filtering, application behavior control, file filtering, and audit, do not support HTTP 2.0 traffic detection.
• If the URL remote query license and component package are not loaded, the configuration items of the URL remote query server are unavailable on the web UI.
• If the maximum number of decompression layers and the maximum size of decompressed files are greater than the specified values, the detection results of antivirus, file filtering, and content filtering are affected.
• By default, the FW permits resumable file transfer of HTTP or FTP. In this case, antivirus, data filtering, file blocking, and intrusion prevention do not take effect for the traffic.
• After the maximum file decompression depth is changed, malicious files with multiple compression layers may be permitted by the FW because the number of compression layers exceeds the specified value. To increase the maximum file decompression depth, the load of the FW will be increased, affecting the device performance. Therefore, the suitable global IAE configurations improve the detection efficiency and reduces the residual error rate. Generally, the default values of global parameters are recommended.
• For a single compressed file, the default detection timeout interval is 10 seconds. If a multilayer compressed file containing an RAR or 7ZIP compressed package is detected in full-text scanning mode, if the size of the compressed file to be detected is too large, the detection times out and the file is directly released.