H3C SecPath Security Products FAQ(V7)-6W100


22-APR FAQ


Q.     What are the similarities and differences between APR and other DPI services?

A.

·     Difference: APR recognizes applications by two methods, port-based application recognition (PBAR) and network-based application recognition (NBAR).

·     Similarity: NBAR, like other DPI services, identifies applications by using the DPI engine.

Q.     What protocols does NBAR support?

A.     NBAR supports the HTTP, TCP, and UDP protocols.

The following example shows how to define an NBAR signature for the HTTP protocol and lists the HTTP fields a signature can match:

```
[H3C] nbar application body protocol http
[H3C-nbar-application-body] signature 1 field ?
  uri          URI
  raw-uri      Raw URI
  raw-body     Raw body
  status-line  Status line
  raw-header   Raw header
  raw-cookie   Raw cookie
  raw-content  Raw content
  stat-code    Status code
  stat-msg     Status message
```

The following example shows how to define an NBAR signature for the UDP protocol and lists the pattern types a signature can use:

```
[H3C] nbar application uuu protocol udp
[H3C-nbar-application-uuu] signature 1 ?
  hex     Add a signature pattern in hexadecimal
  offset  Add a signature offset
  regex   Add a signature pattern by regular expression
  string  Add a signature pattern by string
```

The signature definition for the TCP protocol is similar to that of the UDP protocol.

Q.     Is PBAR based on the source port or the destination port?

A.     PBAR identifies applications based on the destination port. All packets destined for the port in a port mapping are regarded as packets of the mapped application. This function is available on the Web interface.

The following is the command used to configure a PBAR port mapping (here for port 3000), followed by its optional keywords:

```
[H3C] port-mapping application application-name port 3000 ?
  acl       Specify ACL filtering
  host      Specify a host range
  protocol  Specify a Layer 4 protocol
  subnet    Specify a subnet
```

Q.     How many ports can PBAR map to an application in a port mapping?

A.     A maximum of 1024 ports can be mapped to an application in a port mapping.

Q.     How many signatures can I configure in an NBAR rule?

A.     A maximum of eight signatures can be configured in an NBAR rule.

Q.     Which protocols supported by PBAR cannot be recognized when a PBAR port mapping is referenced by other modules?

A.     PBAR supports the following protocols: TCP, UDP, DCCP, SCTP, and UDP Lite. However, DCCP, SCTP, and UDP Lite cannot be identified when a PBAR port mapping is referenced by other modules (for example, bandwidth management and interzone policy).

Q.     Why can't an interzone policy block FTP data packets when ALG is enabled for FTP?

A.     When ALG is enabled for dual-channel application-layer protocols (for example, FTP and RTSP) on the device, an association table will be generated to associate the control channel with the data channel. FTP data packets are blocked only if FTP control packets are blocked. FTP data packets cannot be separately blocked.

Q.     What is the priority order of PBAR and NBAR?

A.     The priority order is: user-defined PBAR > user-defined NBAR > predefined NBAR > predefined PBAR.

For the DPI module, NBAR is used to identify traffic only if no user-defined PBAR port mapping matches it. If traffic matches both a user-defined NBAR rule and a predefined NBAR rule, the traffic belongs to the application in the user-defined NBAR rule.
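To make the PBAR behaviour described above (destination-port matching, one application per port, at most 1024 ports per mapping, at most eight signatures per NBAR rule) and this priority order concrete, here is an added Python model of the classification decision. It is not H3C code: the class, the signature matching (hex/string/regex at an offset) and the assumption that every signature in an NBAR rule must match are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Constructed model (not H3C code) of the APR decision order in this FAQ:
# user-defined PBAR > user-defined NBAR > predefined NBAR > predefined PBAR.

@dataclass
class Signature:
    """One NBAR signature pattern: hex, string or regex, at an optional offset."""
    kind: str          # "hex", "string" or "regex"
    pattern: str
    offset: int = 0    # byte offset into the payload where matching starts

    def matches(self, payload: bytes) -> bool:
        data = payload[self.offset:]
        if self.kind == "hex":
            return data.startswith(bytes.fromhex(self.pattern))
        if self.kind == "string":
            return data.startswith(self.pattern.encode())
        return re.search(self.pattern.encode(), data) is not None

class APR:
    MAX_PORTS_PER_MAPPING = 1024   # FAQ: at most 1024 ports per port mapping
    MAX_SIGNATURES_PER_RULE = 8    # FAQ: at most eight signatures per NBAR rule

    def __init__(self):
        self.pbar = {"user": {}, "predefined": {}}   # dst port -> application
        self.nbar = {"user": {}, "predefined": {}}   # application -> [Signature]

    def add_port_mapping(self, app, ports, predefined=False):
        if len(ports) > self.MAX_PORTS_PER_MAPPING:
            raise ValueError("too many ports in one port mapping")
        table = self.pbar["predefined" if predefined else "user"]
        for port in ports:
            table[port] = app   # a port maps to one app; a later mapping overwrites

    def add_nbar_rule(self, app, signatures, predefined=False):
        if len(signatures) > self.MAX_SIGNATURES_PER_RULE:
            raise ValueError("too many signatures in one NBAR rule")
        self.nbar["predefined" if predefined else "user"][app] = list(signatures)

    def classify(self, dst_port, payload):
        """Return the application name, walking the FAQ's priority order."""
        if dst_port in self.pbar["user"]:          # user-defined PBAR wins outright
            return self.pbar["user"][dst_port]
        for scope in ("user", "predefined"):       # then user, then predefined NBAR
            for app, sigs in self.nbar[scope].items():
                # assumption: every signature in a rule must match the payload
                if all(sig.matches(payload) for sig in sigs):
                    return app
        return self.pbar["predefined"].get(dst_port, "unknown")
```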

Q.     In addition to DPI services, what other modules can trigger NBAR detection?

·     Security policy (applications and application groups).

·     Application audit and management.

·     Bandwidth management (applications and application groups in a traffic policy).

Q.     What is the difference between user-defined applications, user-defined NBAR, and user-defined PBAR?

A.     User-defined applications can be created through user-defined PBAR or user-defined NBAR. When a PBAR port mapping or an NBAR application is created, the corresponding user-defined application is created. You can use the display application user-defined command to display user-defined applications. If a user-defined application is created in both a PBAR port mapping and an NBAR application, to delete the application you must delete both the PBAR port mapping and the NBAR application.

Q.     Can I map one port to multiple applications in a PBAR port mapping?

A.     No. You cannot map one port to multiple applications in a PBAR port mapping. If you execute two commands with the same port and different applications, the command executed later overwrites the previous one.

However, you can map multiple ports to one application in a port mapping.

Q.     How can I block one application and permit all other applications?

A.     You can use a security policy to block one application (for example, QQ), and use another security policy to permit all other applications.

Specifications differ slightly between models. For details, consult your sales representative or the 400 hotline. H3C reserves the right to modify the content of this document without any notice.