Login
- Table of Contents
-
- H3C SecPath Security Products FAQ(V7)-6W100
- 00-Preface
- 01-System management and maintenance FAQ
- 02-Device forwarding FAQ
- 03-License management FAQ
- 04-RBM-based hot backup FAQ
- 05-NAT FAQ
- 06-User access and authentication FAQ
- 07-Attack detection and prevention FAQ
- 08-IPS FAQ
- 09-Anti-virus FAQ
- 10-URL filtering FAQ
- 11-File filtering FAQ
- 12-Bandwidth management FAQ
- 13-SSL VPN FAQ
- 14-IPsec FAQ
- 15-Load balancing FAQ
- 16-Mirroring FAQ
- 17-IRF FAQ
- 18-Security policy FAQ
- 19-Security zone FAQ
- 20-ASPF FAQ
- 21-PKI FAQ
- 22-APR FAQ
- 23-DPI FAQ
- 24-Application audit and management FAQ
- 25-Data filtering FAQ
- 26-Data analysis center FAQ
- 27-WAF FAQ
- 28-AFT FAQ
- 29-SSL decryption FAQ
- 30-NetShare control FAQ
- 31-FAQ on Intranet security comprehensive scoring (Security overview)
- 32-Web operations FAQ
- Related Documents
-
24-Application audit and management FAQ
Application audit and management FAQ
Q. What is the difference between application audit and application recognition?
A. Based on application recognition (APR), application audit audits and records Internet access behaviors of users by identifying behaviors (for example, login and message sending in IM applications) and behavior objects (for example, account information for IM login).
Both of them use the APR signature library. However, the factory default APR signature library (version 1.0.0) does not support auditing.
After you installing the APR license and updating the APR signature library to the latest version, you can use application audit .
Q. Should I use interzone block or audit block to block applications?
A. Use audit block to block specific behaviors of applications, and use interzone block to block all behaviors of applications.
Q. What is the defect of audit block?
A. After a WeChat or QQ account logs in, audit block cannot block text or voice messages, because the login flow, text flow, and voice flow belong to the same persistent connection.
Q. What are the two match modes for audit rules?
A. The following rule match modes are available:
· In-order: The device compares packets with audit rules in ascending order of rule ID. When a packet matches a rule, the device stops the match process and performs the action defined in the rule.
· All: The device compares packets with audit
rules in ascending order of rule ID.
If a packet matches a rule with the permit action, all subsequent rules
continue to be matched.
If a packet matches a rule with the deny action, the device stops the match
process and performs the deny action. The device takes the action with higher
priority on matching packets. The deny action has higher priority than the
permit action.
Q. How many keyword groups can be specified for an audit rule?
A. A maximum of 64 keyword groups can be specified for an audit rule.
