- H3C SecPath Security Products FAQ(V7)-6W101
Application audit and management FAQ
Q. What is the difference between application audit and application recognition?
A. Based on application recognition (APR), application audit audits and records Internet access behaviors of users by identifying behaviors (for example, login and message sending in IM applications) and behavior objects (for example, account information for IM login).
Both of them use the APR signature library. However, the factory default APR signature library (version 1.0.0) does not support auditing.
After you install the APR license and update the APR signature library to the latest version, you can use application audit.
Q. Should I use interzone block or audit block to block applications?
A. Use audit block to block specific behaviors of applications, and use interzone block to block all behaviors of applications.
Q. What is the defect of audit block?
A. After a WeChat or QQ account logs in, audit block cannot block text or voice messages, because the login flow, text flow, and voice flow belong to the same persistent connection.
Q. What are the two match modes for audit rules?
A. The following rule match modes are available:
· In-order: The device compares packets with audit rules in ascending order of rule ID. When a packet matches a rule, the device stops the match process and performs the action defined in the rule.
· All: The device compares packets with audit rules in ascending order of rule ID. If a packet matches a rule with the permit action, all subsequent rules continue to be matched. If a packet matches a rule with the deny action, the device stops the match process and performs the deny action. The device takes the action with higher priority on matching packets. The deny action has higher priority than the permit action.
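The two match modes described above, modeled in Python as an added example (not H3C code or device configuration). The rule fields `app` and `behavior`, the constructed rule set, and returning `None` when no rule matches are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AuditRule:
    rule_id: int
    app: str       # assumed field: application name, "*" matches any
    behavior: str  # assumed field: audited behavior, "*" matches any
    action: str    # "permit" or "deny"

    def matches(self, app, behavior):
        return self.app in ("*", app) and self.behavior in ("*", behavior)

def evaluate(rules, app, behavior, mode):
    """Return (action, matched_rule_ids); action is None when no rule matches
    (an assumption: the FAQ does not describe the no-match case)."""
    if mode not in ("in-order", "all"):
        raise ValueError(f"unknown match mode: {mode}")
    matched = []
    for rule in sorted(rules, key=lambda r: r.rule_id):  # ascending rule ID
        if not rule.matches(app, behavior):
            continue
        matched.append(rule.rule_id)
        # In-order stops at the first match; all stops only on a deny.
        if mode == "in-order" or rule.action == "deny":
            return rule.action, matched
    # Reached with permit-only matches in "all" mode, or with no match.
    return ("permit" if matched else None), matched

def mode_differences(rules, samples):
    """Return the (app, behavior) samples whose verdict depends on the mode."""
    return [s for s in samples
            if evaluate(rules, *s, "in-order")[0] != evaluate(rules, *s, "all")[0]]

# Constructed rule set: a broad permit with a lower ID than a specific deny.
RULES = [
    AuditRule(1, "IM", "*", "permit"),
    AuditRule(2, "IM", "login", "deny"),
    AuditRule(3, "Mail", "send", "permit"),
]
SAMPLES = [("IM", "login"), ("IM", "send-message"), ("Mail", "send")]

if __name__ == "__main__":
    for mode in ("in-order", "all"):
        for sample in SAMPLES:
            print(mode, sample, evaluate(RULES, *sample, mode))
    print("mode-dependent:", mode_differences(RULES, SAMPLES))
```

In this constructed set the deny at rule 2 takes effect only in all mode; in in-order mode the broader permit at rule 1 matches first and the match process stops there.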
Q. How many keyword groups can be specified for an audit rule?
A. A maximum of 64 keyword groups can be specified for an audit rule.