Login
- Table of Contents
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 01-DPI overview | 78.43 KB |
DPI overview
About DPI
Deep packet inspection (DPI) inspects application layer payloads to protect the network against application layer malicious activities, such as worms, viruses, spams, breaches, and information leakage.
Traditional security technology relies on the network layer and transport layer. DPI further enhances network security.
DPI functions
DPI provides the following functions:
· Service identification—The DPI engine identifies the service of a data flow by analyzing the application layer payload and matching the payload against signatures. DPI engine informs the DPI service modules of the identification results for service control.
· Service control—DPI service modules control services flexibly by using DPI service policies. Actions that DPI service policies use for data flows include permit, drop, block source, reset, capture, and log.
· Service statistics—DPI provides service statistics about service types, protocol parsing, signature inspection, and packet processing. Service statistics visually display the distribution of data flows and the use of different services. You can find factors that might promote service development or affect network operation.
DPI signature libraries
A DPI signature library is a collection of common signatures that DPI uses for service identification. H3C releases up-to-date signatures in the form of DPI signature library files. You can manually download the files or configure the device to automatically download the files to update the DPI signature libraries. You can also define signatures of your own as required.
The device supports the following DPI signature libraries:
· IPS signature library.
· APR signature library.
· Virus signature library.
· WAF signature library.
DPI services
Table 1 lists the supported DPI services.
Table 1 DPI services
|
DPI service |
Function |
|
IPS |
Monitors network traffic for malicious activities and proactively takes actions to protect the network against attacks. |
|
Anti-virus |
Inspects and handles viruses in files to protect the internal network. |
|
NBAR |
Identifies the application layer protocols of packets by comparing packet content against signatures. For more information about NBAR, see Security Configuration Guide. |
|
Web application firewall (WAF) |
Protects the internal clients and Web servers by blocking Web application layer attacks. |
DPI mechanism
DPI can be implemented based on virtual servers.
Virtual server-based DPI mechanism
The virtual server protects the internal Web servers and load balancing devices by preventing attacks and threats. The virtual server uses a DPI application profile to provide DPI services for packets passing through the virtual server.
DPI configuration workflow
The basic DPI configuration workflow is shown in Figure 1.
Figure 1 DPI configuration flow
