MSR Routers

Signature Library Update Configuration Examples

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

The information in this document is subject to change without notice.

Contents

Introduction· 1

Prerequisites· 1

Example: Configuring signature library update· 1

Network configuration· 1

Software version used· 1

Restrictions and guidelines· 2

Procedures· 2

Configuring a WAN interface· 2

Configuring a LAN interface· 3

Updating a signature library locally· 4

Updating a signature library online· 5

Verifying the configuration· 5

 

Introduction

The following information provides an example of Web-based signature library update methods on the router. The device uses signatures to identify application layer traffic. The device supports application signature library and URL signature library. You can update signature libraries to the latest version for network behavior management.

The following methods are available for updating signature libraries on the device:

·     Local update: When the device cannot obtain a signature library file automatically, you must obtain the most up-to-date signature file, and then use the file to update the local signature library on the device.

·     Online update: When the device can obtain a signature library file automatically, you can enable online update for the device to automatically download the most up-to-date signature file. Then, import the file to the device to update the signature library.

Prerequisites

This document is not restricted to specific software or hardware versions. Procedures and information in the examples might be slightly different depending on the software or hardware version of the device.

The configuration examples were created and verified in a lab environment, and all the devices were started with the factory default configuration. When you are working on a live network, make sure you understand the potential impact of every command on your network.

The following information is provided based on the assumption that you have basic knowledge of signature library update.

Example: Configuring signature library update

Network configuration

As shown in Figure 1, the host is directly connected to the device. Configure the device to perform the local or online signature library update.

Figure 1 Network diagram

 

Software version used

This configuration example was created and verified on the H3C MSR3610-X1 product of R6749P14. The operations might differ by product model and software version.

Restrictions and guidelines

·     The signature library update feature requires a license to run on the device. If the license expires, the services on the device are still available with the existing signature libraries but you can no longer update the signature libraries on the device.

·     Do not perform the signature library update when the device's free memory reaches an alarm threshold. If you fail to do so, the signature library update will fail, which affects network behavior management.

Procedures

Configuring a WAN interface

1.     From the navigation pane, select Network > WAN Settings.

2.     On the Scene tab, select Single-WAN scenario, select WAN1(GE1) for Line 1, and then click Apply.

Figure 2 Scenario definitions

 

3.     Click the WAN Settings tab.

4.     Click the edit icon in the Actions column for Line 1.

5.     Select Fixed IP, PPPOE, or DHCP from the Connection mode list. This example selects Fixed IP.

6.     In the IP address and Mask subnet fields, enter 10.1.1.1 and 255.255.255.0, respectively.

7.     From the NAT function list, select Enable.

8.     In the TCP MSS field, enter 1280.

9.     In the  MTU field, enter 1500.

10.     Click Apply.

Figure 3 Configuring a WAN interface

 

Configuring a LAN interface

1.     From the navigation pane, select Network > LAN Settings.

2.     On the LAN Settings tab, click Add to access the LAN adding page.

3.     In the LAN interface type field, select GE interface.

4.     In the Please choose GE interface field, select GE2.

5.     In the IP address and Mask subnet fields, enter 10.1.1.1 and 255.255.255.0, respectively.

6.     In the TCP MSS field, enter 1280.

7.     In the  MTU field, enter 1500.

8.     Select Enable DHCP. Configure the start address of the address pool as 20.1.1.1, the end address of the address pool as 20.1.1.254, the forbidden address as 20.1.1.1, the gateway address as 20.1.1.1, and  DNS1 address as 20.1.1.1. 

9.     Click Apply.

Figure 4 Configuring a LAN interface

 

Updating a signature library locally

1.     From the navigation pane, select Network Behaviors > Signature Database.

2.     On the Application signature database or URL signature database tab, click the Import signatures tab.

3.     On the page that opens, click Browse and then select a signature file.

4.     Click Apply.

Figure 5 Updating a signature library locally

 

Updating a signature library online

Restriction and guidelines

For successful online signature database update, make sure the device can resolve the domain name of the official website into an IP address through DNS.

Procedures

1.     From the navigation pane, select Network Behaviors > Signature Database.

2.     On the Application signature database or URL signature database tab, click the Update online tab.

Figure 6 Updating a signature library online

 

Verifying the configuration

On the Network Behaviors > Network Behaviors page, select a newly added application identification item or the unidentified application identification item before the update, and identify whether these items can be identified after the update.