04-DPI Command Reference


APT defense commands

application

Use application to specify the application layer protocols for sandbox inspection.

Use undo application to remove application layer protocols from the sandbox inspection.

Syntax

application { all | type { ftp | http | https | imap | nfs | pop3 | smb | smtp } * }

undo application { all | type { ftp | http | https | imap | nfs | pop3 | smb | smtp } * }

Default

No application layer protocols are specified for sandbox inspection.

Views

APT defense policy view

Predefined user roles

network-admin

context-admin

Parameters

all: Specifies all application layer protocols.

type: Specifies specific types of application layer protocols.

ftp: Specifies the FTP protocol.

http: Specifies the HTTP protocol.

https: Specifies the HTTPS protocol.

imap: Specifies the IMAP protocol.

nfs: Specifies the NFS protocol. Only NFSv3 is supported.

pop3: Specifies the POP3 protocol.

smb: Specifies the SMB protocol. Only SMBv1 and SMBv2 are supported.

smtp: Specifies the SMTP protocol.

Usage guidelines

This command defines packets of the specified application layer protocols to be sent to the sandbox.

Repeat this command to specify multiple application layer protocols.

Examples

# In APT defense policy policy1, configure the device to send the HTTP protocol packets to the sandbox.

<Sysname> system-view

[Sysname] apt policy policy1

[Sysname-apt-policy-policy1] application type http

apt apply policy

Use apt apply policy to apply an APT defense policy to a DPI application profile.

Use undo apt apply policy to remove the APT defense policy from a DPI application profile.

Syntax

apt apply policy policy-name

undo apt apply policy

Default

No APT defense policy is applied to a DPI application profile.

Views

DPI application profile view

Predefined user roles

network-admin

context-admin

Parameters

policy-name: Specifies an APT defense policy by its name, a case-insensitive string of 1 to 31 characters.

Usage guidelines

An APT defense policy takes effect only after it is applied to a DPI application profile.

You can apply only one APT defense policy to a DPI application profile, and the applied APT defense policy must already exist.

If you execute this command for a DPI application profile multiple times, the most recent configuration takes effect.

Examples

# Apply APT defense policy policy1 to DPI application profile profile1.

<Sysname> system-view

[Sysname] app-profile profile1

[Sysname-app-profile-profile1] apt apply policy policy1

apt cache size

Use apt cache size to set the APT defense cache size.

Use undo apt cache size to restore the default.

Syntax

apt cache size cache-size

undo apt cache size

Default

The APT defense cache allows a maximum of 100000 entries.

Views

System view

Predefined user roles

network-admin

Parameters

cache-size: Specifies the cache size in the range of 100000 to 200000 entries.

Usage guidelines

This command is supported only on the default context. For more information about context, see Virtual Technologies Configuration Guide.

The device caches the inspection result returned from the sandbox in the APT defense cache for matching subsequent traffic.

If you set an APT defense cache size smaller than the existing APT cache size, the system will delete the existing oldest entries.

Examples

# Set the APT defense cache size to 200000 entries.

<Sysname> system-view

[Sysname] apt cache size 200000

apt policy

Use apt policy to create an APT defense policy and enter its view, or enter the view of an existing APT defense policy.

Use undo apt policy to delete an APT defense policy.

Syntax

apt policy policy-name

undo apt policy policy-name

Default

An APT defense policy named default exists.

Views

System view

Predefined user roles

network-admin

context-admin

Parameters

policy-name: Specifies the APT defense policy name, a case-insensitive string of 1 to 31 characters. The new APT defense policy name cannot be default.

Usage guidelines

An APT defense policy takes effect only after it is applied to a DPI application profile.

Examples

# Create APT defense policy policy1 and enter its view.

<Sysname> system-view

[Sysname] apt policy policy1

[Sysname-apt-policy-policy1]

Related commands

apt apply policy

description

Use description to configure a description for an APT defense policy.

Use undo description to restore the default.

Syntax

description description-string

undo description

Default

An APT defense policy does not have a description.

Views

APT defense policy view

Predefined user roles

network-admin

context-admin

Parameters

description-string: Specifies a description, a case-insensitive string of 1 to 255 characters.

Usage guidelines

A description allows easy identification of an APT defense policy.

Examples

# Configure the description as description1 for APT defense policy policy1.

<Sysname> system-view

[Sysname] apt policy policy1

[Sysname-apt-policy-policy1] description description1

display apt cache

Use display apt cache to display APT defense cache information.

Syntax

display apt cache [ slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

context-admin

context-operator

Parameters

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays APT defense cache information on all member devices.

Usage guidelines

This command displays information in the APT defense cache. The MD5 values of files in the APT defense cache indicate the sandbox inspection results. The APT defense module caches the sandbox inspection results in the following lists:

·     Hit list—Caches the MD5 values of files that are identified as threats.

·     Non-hit list—Caches the MD5 values of files that are not threats or cannot be identified as threats.

Examples

# Display APT defense cache information.

<Sysname> display apt cache

Slot 1:

APT cache information:

Sandbox-query state : Disabled

Total cached non-hit entries : 0

Total cached hit entries : 0

Non-hit list min update interval : 0 seconds

Hit list min update interval : 0 seconds

Table 1 Command output

| Field | Description |
|---|---|
| APT cache information | Information in the APT defense cache. |
| Sandbox-query state | Status of the sandbox inspection: Enabled or Disabled. |
| Total cached non-hit entries | Number of entries on the non-hit list. |
| Total cached hit entries | Number of entries on the hit list. |
| Non-hit list min update interval | Time elapsed since the last update on the non-hit list, in seconds. |
| Hit list min update interval | Time elapsed since the last update on the hit list, in seconds. |
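For monitoring, the output above can be parsed per IRF member and checked for slots where sandbox inspection is off or threat verdicts are cached. The following Python is an added example, not part of the H3C reference; the Slot 2 values and the function names parse_apt_cache and findings are constructed for illustration.

```python
import re

# Constructed sample in the layout of the "display apt cache" example above;
# the Slot 2 values are made up for illustration.
SAMPLE = """\
Slot 1:
APT cache information:
Sandbox-query state : Disabled
Total cached non-hit entries : 0
Total cached hit entries : 0
Non-hit list min update interval : 0 seconds
Hit list min update interval : 0 seconds
Slot 2:
APT cache information:
Sandbox-query state : Enabled
Total cached non-hit entries : 1520
Total cached hit entries : 3
Non-hit list min update interval : 12 seconds
Hit list min update interval : 8640 seconds
"""

def parse_apt_cache(text):
    """Return {slot: {field: value}}; counters and intervals become int."""
    slots, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.fullmatch(r"Slot (\d+):", line)
        if m:
            current = slots.setdefault(int(m.group(1)), {})
            continue
        if current is None or " : " not in line:
            continue  # heading or blank line
        key, value = (part.strip() for part in line.split(" : ", 1))
        num = re.fullmatch(r"(\d+)(?: seconds)?", value)
        current[key] = int(num.group(1)) if num else value
    return slots

def findings(slots):
    """List (slot, message) pairs an operator should look at."""
    out = []
    for slot, f in sorted(slots.items()):
        if f.get("Sandbox-query state") != "Enabled":
            out.append((slot, "sandbox inspection is not enabled"))
        hits = f.get("Total cached hit entries", 0)
        if hits > 0:
            out.append((slot, "%d cached threat verdicts" % hits))
    return out
```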

display apt linkage state

Use display apt linkage state to display the connection status between the device and sandbox.

Syntax

display apt linkage state

Views

Any view

Predefined user roles

network-admin

context-admin

Examples

# Display the connection status between the device and sandbox.

<Sysname> display apt linkage state

*02 28 09:19:37:651 2019 H3C APT: -Context=1; Connection to the sandbox: Connected

file max-size

Use file max-size to set the maximum file size supported in the sandbox inspection.

Use undo file max-size to restore the default.

Syntax

file file-type max-size max-file-size

undo file file-type max-size

Default

No maximum file size is set for sandbox inspection. The system uses the default file size limit on a per-file type basis.

Views

Sandbox view

Predefined user roles

network-admin

context-admin

Parameters

file-type: Specifies the supported file type name, a case-insensitive string. To obtain the supported file types, enter the question mark (?).

max-file-size: Specifies the maximum file size in KB. The maximum file size supported in the sandbox inspection varies by file type. To obtain the maximum file sizes for the supported file types, enter the question mark (?).

Usage guidelines

The files exceeding the maximum file size will not be sent to the sandbox.

Examples

# Set the maximum file size to 10240 KB for EXE files.

<Sysname> system-view

[Sysname] sandbox

[Sysname-sandbox] file exe max-size 10240

file-direction

Use file-direction to specify a file transfer direction for sandbox inspection.

Use undo file-direction to restore the default.

Syntax

file-direction { both | download | upload }

undo file-direction

Default

Both the uploaded and downloaded files are sent to the sandbox.

Views

APT defense policy view

Predefined user roles

network-admin

context-admin

Parameters

both: Specifies both the uploaded and downloaded files.

download: Specifies the downloaded files.

upload: Specifies the uploaded files.

Usage guidelines

The device sends only the files of the specified direction to the sandbox.

If you execute this command multiple times for an APT defense policy, the most recent configuration takes effect.

Examples

# Configure the device to send uploaded files to the sandbox in APT defense policy policy1.

<Sysname> system-view

[Sysname] apt policy policy1

[Sysname-apt-policy-policy1] file-direction upload

file-type

Use file-type to specify the file type for sandbox inspection.

Use undo file-type to remove the file type from the sandbox inspection.

Syntax

file-type { all | name &<1-8> }

undo file-type { all | name &<1-8> }

Default

No file type is specified for sandbox inspection.

Views

APT defense policy view

Predefined user roles

network-admin

context-admin

Parameters

all: Specifies all file types.

name &<1-8>: Specifies a space-separated list of up to eight file type names. Each name is a case-insensitive string. To obtain the supported file types, enter the question mark (?).

Usage guidelines

The device sends files of the specified types to the sandbox.

Repeat this command to specify multiple file types for sandbox inspection.

If you specify the following file types that contain multiple file formats, the configuration takes effect on all file formats:

·     BMP—BMP and DIB formats.

·     JPG—JPG, JPE, JPEG, and JFIF formats.

·     XML—MSC and XML formats.

·     RMVB—RMVB and RM formats.

·     TGZ—TGZ and TAR.GZ formats.

Examples

# Configure the device to send the doc files to the sandbox in APT defense policy policy1.

<Sysname> system-view

[Sysname] apt policy policy1

[Sysname-apt-policy-policy1] file-type doc

linkage enable

Use linkage enable to enable the linkage to the sandbox.

Use undo linkage enable to disable the linkage to the sandbox.

Syntax

linkage enable

undo linkage enable

Default

The linkage to the sandbox is disabled.

Views

Sandbox view

Predefined user roles

network-admin

context-admin

Usage guidelines

This command does not initiate a connection request to the sandbox. It only allows the linkage between the device and the sandbox. To establish a connection between the device and sandbox, execute the linkage try command.

Examples

# Enable the linkage to the sandbox.

<Sysname> system-view

[Sysname] sandbox

[Sysname-sandbox] linkage enable

Related commands

linkage try

password

sandbox-address

username

linkage try

Use linkage try to establish a connection between the device and sandbox.

Syntax

linkage try

Views

Sandbox view

Predefined user roles

network-admin

context-admin

Usage guidelines

This command takes effect only after the following conditions are met:

·     Sandbox parameters (including sandbox address, username, and password) are configured.

·     The linkage to the sandbox is enabled.

After you execute this command, the device initiates a connection request to the sandbox. After the connection is established, the device sends files to the sandbox for inspection.

Examples

# Establish a connection between the device and sandbox.

<Sysname> system-view

[Sysname] sandbox

[Sysname-sandbox] linkage try

Related commands

linkage enable

password

sandbox-address

username

password

Use password to set the password for logging in to the sandbox.

Use undo password to restore the default.

Syntax

password { cipher | simple } string

undo password

Default

No password is set for logging in to the sandbox.

Views

Sandbox view

Predefined user roles

network-admin

context-admin

Parameters

cipher: Specifies the password in encrypted form.

simple: Specifies the password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form.

string: Specifies the password. The plaintext form is a case-sensitive string of 6 to 32 characters, and the string must contain any combination of letters, digits, and special characters. The encrypted form is a case-sensitive string of 32 characters, and the string must contain letters and digits.

Usage guidelines

If you change the login password when the device is connected to the sandbox, the connection will be terminated. You need to execute the linkage try command to re-establish the connection.

Examples

# Set the password for logging in to the sandbox to 123456abc in plaintext format.

<Sysname> system-view

[Sysname] sandbox

[Sysname-sandbox] password simple 123456abc

Related commands

sandbox-address

username

sandbox

Use sandbox to enter sandbox view.

Use undo sandbox to delete the configuration in sandbox view.

Syntax

sandbox

undo sandbox

Views

System view

Predefined user roles

network-admin

context-admin

Examples

# Enter sandbox view.

<Sysname> system-view

[Sysname] sandbox

[Sysname-sandbox]

sandbox-address

Use sandbox-address to specify the sandbox address.

Use undo sandbox-address to restore the default.

Syntax

sandbox-address address-string

undo sandbox-address

Default

No sandbox address is specified.

Views

Sandbox view

Predefined user roles

network-admin

context-admin

Parameters

address-string: Specifies the IP address or domain name of the sandbox, a case-insensitive string of 1 to 64 characters. Valid characters include letters, digits, underscores, hyphens (-), dots (.), and colons (:).

Usage guidelines

If you change the sandbox address when the device is connected to the sandbox, the connection will be terminated. You need to execute the linkage try command to re-establish the connection.

Examples

# Specify www.abc.com as the sandbox address.

<Sysname> system-view

[Sysname] sandbox

[Sysname-sandbox] sandbox-address www.abc.com

Related commands

password

username

username

Use username to set the username for logging in to the sandbox.

Use undo username to restore the default.

Syntax

username user-name

undo username

Default

No username is set for logging in to the sandbox.

Views

Sandbox view

Predefined user roles

network-admin

context-admin

Parameters

user-name: Specifies the login username, a case-insensitive string of 5 to 12 characters.

Usage guidelines

If you change the login username when the device is connected to the sandbox, the connection will be terminated. You need to execute the linkage try command to re-establish the connection.

Examples

# Set the username for logging in to the sandbox to userabc.

<Sysname> system-view

[Sysname] sandbox

[Sysname-sandbox] username userabc

Related commands

password

sandbox-address
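Because the defaults in this chapter are all "off" (no application protocols, no file types, linkage disabled, no policy applied), a command sequence can be accepted by the device and still send nothing to the sandbox. The following Python audit is an added example, not part of the H3C reference: it checks a constructed command sequence against the conditions listed under linkage try and the policy defaults, and assumes the sequence contains no undo lines.

```python
# Constructed command sequence using only commands from this reference plus
# Comware's quit: policy1 names no file types and policy2 is never applied.
SAMPLE = """\
sandbox
 sandbox-address www.abc.com
 username userabc
 password simple 123456abc
 linkage enable
 quit
apt policy policy1
 application type http
 quit
apt policy policy2
 application all
 file-type all
 quit
app-profile profile1
 apt apply policy policy1
"""

def audit(config):
    """List reasons why files would not reach the sandbox, per the documented defaults."""
    sandbox, policies, applied, view = set(), {}, {}, None
    for words in filter(None, map(str.split, config.splitlines())):
        if words[0] == "quit":
            view = None
        elif words[0] == "sandbox":
            view = ("sandbox", None)
        elif words[:2] == ["apt", "policy"]:
            view = ("policy", words[2].lower())   # policy names are case-insensitive
            policies.setdefault(view[1], set())
        elif words[0] == "app-profile":
            view = ("profile", words[1])
        elif words[:3] == ["apt", "apply", "policy"] and view and view[0] == "profile":
            applied[view[1]] = words[3].lower()   # the most recent command wins
        elif view and view[0] == "sandbox":
            sandbox.add(" ".join(words[:2]) if words[0] == "linkage" else words[0])
        elif view and view[0] == "policy":
            policies[view[1]].add(words[0])
    need = ("sandbox-address", "username", "password", "linkage enable", "linkage try")
    issues = ["sandbox: missing '%s'" % c for c in need if c not in sandbox]
    issues += ["%s: applied policy '%s' does not exist" % (p, n)
               for p, n in sorted(applied.items()) if n not in policies and n != "default"]
    for name, cmds in sorted(policies.items()):
        issues += ["%s: no '%s' configured" % (name, c)
                   for c in ("application", "file-type") if c not in cmds]
        if name not in applied.values():
            issues.append("%s: not applied to any DPI application profile" % name)
    return issues
```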
