H3C SecPath Security Products FAQ(V7)-6W101
APR FAQ
Q. What are the similarities and differences between APR and other DPI services?
A.
· Difference: APR recognizes applications by two methods, port-based application recognition (PBAR) and network-based application recognition (NBAR).
· Similarity: NBAR identifies applications by using the DPI engine, as the other DPI services do.
Q. What protocols does NBAR support?
A. NBAR supports the HTTP, TCP, and UDP protocols.
The following example shows how to define an NBAR signature for the HTTP protocol:
```
[H3C] nbar application body protocol http
[H3C-nbar-application-body] signature 1 field ?
  uri          URI
  raw uri      Raw URI
  raw body     Raw body
  statusline   Status line
  raw header   Raw header
  raw cookie   Raw cookie
  raw content  Raw content
  stat code    Status code
  stat msg     Status message
```
The following example shows how to define an NBAR signature for the UDP protocol:
```
[H3C] nbar application uuu protocol udp
[H3C-nbar-application-uuu] signature 1 ?
  hex      Add a signature pattern in hexadecimal
  offset   Add signature offset
  regex    Add signature pattern by regex
  string   Add signature pattern by string
```
The signature definition for the TCP protocol is similar to that of the UDP protocol.
Q. Is PBAR based on the source port or the destination port?
A. PBAR identifies applications based on the destination port. All packets destined for the port in a port mapping are regarded as packets of the mapped application. This function is available on the Web interface.
The following is the command used to configure a PBAR port mapping:
```
[H3C] port-mapping application {application name} port 3000 ?
  acl        Specify acl filtering
  host       Specify a host range
  protocol   Specify a Layer 4 protocol
  subnet     Specify a subnet
```
Q. How many ports can PBAR map to an application in a port mapping?
A. A maximum of 1024 ports can be mapped to an application in a port mapping.
Q. How many signatures can I configure in an NBAR rule?
A. A maximum of eight signatures can be configured in an NBAR rule.
Q. Which protocols supported by PBAR cannot be recognized when a PBAR port mapping is referenced by other modules?
A. PBAR supports the following protocols: TCP, UDP, DCCP, SCTP, and UDP Lite. However, DCCP, SCTP, and UDP Lite cannot be identified when a PBAR port mapping is referenced by other modules (for example, bandwidth management and interzone policy).
Q. Why can't an interzone policy block FTP data packets when ALG is enabled for FTP?
A. When ALG is enabled for dual-channel application-layer protocols (for example, FTP and RTSP) on the device, an association table will be generated to associate the control channel with the data channel. FTP data packets are blocked only if FTP control packets are blocked. FTP data packets cannot be separately blocked.
Q. What is the priority order of PBAR and NBAR?
A. The priority order is: user-defined PBAR > user-defined NBAR > predefined NBAR > predefined PBAR.
For the DPI module, NBAR is used to identify traffic if no user-defined PBAR port mappings are configured. If traffic matches both a user-defined NBAR rule and a predefined NBAR rule, the traffic is identified as the application in the user-defined NBAR rule.
Q. In addition to DPI services, what other modules can trigger NBAR detection?
A. The following modules can also trigger NBAR detection:
· Security policy (applications and application groups).
· Application audit and management.
· Bandwidth management (applications and application groups in a traffic policy).
Q. What is the difference between user-defined applications, user-defined NBAR, and user-defined PBAR?
A. User-defined applications can be created through user-defined PBAR or user-defined NBAR. When a PBAR port mapping or an NBAR application is created, the corresponding user-defined application is created. You can use the display application user-defined command to display user-defined applications. If a user-defined application is created in both a PBAR port mapping and an NBAR application, to delete the application you must delete both the PBAR port mapping and the NBAR application.
Q. Can I map one port to multiple applications in a PBAR port mapping?
A. No. You cannot map one port to multiple applications in a PBAR port mapping. If you execute two commands with the same port and different applications, the later executed command overwrites the previous one.
However, you can map multiple ports to one application in a port mapping.
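The following Python model is an added example, not H3C code, that ties together the rules stated in this FAQ: PBAR keys on the destination port only, one port maps to one application and a later mapping overwrites the earlier one, at most 1024 ports map to one application, an NBAR rule carries at most eight signatures, and identification follows the priority order user-defined PBAR > user-defined NBAR > predefined NBAR > predefined PBAR. The packets, application names and signatures are constructed for the demonstration; the assumption that every signature in an NBAR rule must hit (the FAQ does not state whether signatures are ANDed or ORed) and the mapping of HTTP-protocol rules onto TCP packets are the example's own choices.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Limits stated in the FAQ.
MAX_PORTS_PER_APP = 1024
MAX_SIGNATURES_PER_RULE = 8


@dataclass
class Packet:
    """Constructed sample packet: only the fields the classifier needs."""
    proto: str           # 'tcp' or 'udp'
    dport: int           # PBAR keys on the destination port only
    payload: bytes = b""


class PbarTable:
    """Port-based recognition: (Layer 4 protocol, destination port) -> application."""

    def __init__(self) -> None:
        self._map: dict[tuple[str, int], str] = {}

    def add_mapping(self, app: str, proto: str, port: int) -> None:
        key = (proto, port)
        # One port maps to one application; a later command overwrites the earlier one.
        self._map.pop(key, None)
        # Many ports may map to one application, but no more than 1024.
        used = sum(1 for a in self._map.values() if a == app)
        if used >= MAX_PORTS_PER_APP:
            raise ValueError(f"{app}: more than {MAX_PORTS_PER_APP} ports in the mapping")
        self._map[key] = app

    def lookup(self, pkt: Packet) -> Optional[str]:
        return self._map.get((pkt.proto, pkt.dport))

    def __len__(self) -> int:
        return len(self._map)


@dataclass
class NbarRule:
    """Signature-based recognition over the payload handed to the DPI engine."""
    app: str
    proto: str                          # 'http', 'tcp' or 'udp' (the protocols NBAR supports)
    signatures: list[tuple[str, str]]   # (kind, pattern); kind is 'string', 'regex' or 'hex'

    def __post_init__(self) -> None:
        if not 1 <= len(self.signatures) <= MAX_SIGNATURES_PER_RULE:
            raise ValueError(f"{self.app}: an NBAR rule holds 1 to {MAX_SIGNATURES_PER_RULE} signatures")

    @staticmethod
    def _hit(kind: str, pattern: str, payload: bytes) -> bool:
        if kind == "string":
            return pattern.encode() in payload
        if kind == "hex":
            return bytes.fromhex(pattern) in payload
        if kind == "regex":
            return re.search(pattern.encode(), payload) is not None
        raise ValueError(f"unknown signature kind {kind!r}")

    def matches(self, pkt: Packet) -> bool:
        l4 = "tcp" if self.proto == "http" else self.proto   # assumption: HTTP rules apply to TCP
        if pkt.proto != l4:
            return False
        # Assumption: all signatures in the rule must hit.
        return all(self._hit(k, p, pkt.payload) for k, p in self.signatures)


class AprClassifier:
    def __init__(self, user_pbar: PbarTable, user_nbar: list[NbarRule],
                 predefined_nbar: list[NbarRule], predefined_pbar: PbarTable) -> None:
        self.user_pbar, self.user_nbar = user_pbar, user_nbar
        self.predefined_nbar, self.predefined_pbar = predefined_nbar, predefined_pbar

    def identify(self, pkt: Packet) -> Optional[str]:
        # Priority order from the FAQ: user PBAR > user NBAR > predefined NBAR > predefined PBAR.
        app = self.user_pbar.lookup(pkt)
        if app:
            return app
        for rule in self.user_nbar + self.predefined_nbar:
            if rule.matches(pkt):
                return rule.app
        return self.predefined_pbar.lookup(pkt)


def build_demo_classifier() -> AprClassifier:
    """Constructed rule set: predefined tiers plus one user-defined mapping and one user-defined rule."""
    predefined_pbar = PbarTable()
    predefined_pbar.add_mapping("dns", "udp", 53)
    predefined_pbar.add_mapping("http", "tcp", 80)
    predefined_nbar = [NbarRule("http", "http", [("regex", r"^(GET|POST) \S+ HTTP/1\.[01]")])]
    user_nbar = [NbarRule("intranet-portal", "http",
                          [("string", "GET "), ("string", "Host: portal.internal.example")])]
    user_pbar = PbarTable()
    user_pbar.add_mapping("legacy-erp", "tcp", 3000)
    return AprClassifier(user_pbar, user_nbar, predefined_nbar, predefined_pbar)


def classify_samples() -> dict:
    """Constructed packets showing which tier wins in each case."""
    clf = build_demo_classifier()
    http = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
    portal = b"GET /login HTTP/1.1\r\nHost: portal.internal.example\r\n\r\n"
    return {
        "user_pbar_beats_nbar": clf.identify(Packet("tcp", 3000, http)),            # legacy-erp
        "user_nbar_beats_predefined_nbar": clf.identify(Packet("tcp", 8080, portal)),  # intranet-portal
        "predefined_nbar": clf.identify(Packet("tcp", 8080, http)),                  # http
        "predefined_pbar_fallback": clf.identify(Packet("udp", 53, b"\x12\x34\x01\x00")),  # dns
        "unknown": clf.identify(Packet("tcp", 4444, b"\x00\x01")),                   # None
    }


def overwrite_demo() -> tuple:
    """Same port, different application: the later mapping wins; several ports to one app is fine."""
    t = PbarTable()
    t.add_mapping("app-a", "tcp", 3000)
    t.add_mapping("app-b", "tcp", 3000)
    t.add_mapping("app-b", "tcp", 3001)
    return t.lookup(Packet("tcp", 3000)), len(t)


if __name__ == "__main__":
    print(classify_samples())
    print(overwrite_demo())
```

The first sample is the case the FAQ's priority question is about: the packet carries a textbook HTTP request, yet the user-defined PBAR mapping on port 3000 wins and it is reported as legacy-erp. That is also the operational caveat of PBAR: anything sent to a mapped destination port is treated as the mapped application regardless of payload, so a port mapping referenced by a security policy or bandwidth policy should cover only ports you actually control.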