How to upgrade the SAC signature database on an AR


The signature database file and system software are separated on Huawei devices, so the signature database file can be loaded and upgraded without affecting normal operation of other services. By default, the signature database file is named sacrule.dat, and it cannot be changed. To upgrade the signature database, contact Huawei local offices or engineers.
Note: There must be an interval of at least 20 seconds between running the sac enable signature and sac update signature commands. When specifying the name of a signature database, enter the complete path and file name to ensure that the configuration can be restored. The signature database file must use .dat as the file name extension. When the sac update signature command is run multiple times to update the signature database file, only the last configuration takes effect.
An example is as follows:
[Huawei] sac update signature flash:/sacrule.dat
Info: The SAC signature lib update successful.
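
The constraints in the note above can be checked before a change window. The following Python sketch is an added example, not Huawei code: it reads a constructed, timestamped command plan and flags violations of the 20-second interval, the complete-path rule and the .dat extension, then reports which file takes effect. The function name check_plan, the plan format and the path pattern are assumptions made for this example.

```python
import re
from datetime import datetime

# Assumption: a complete path looks like <storage>:/[dir/]file, as in flash:/sacrule.dat.
FULL_PATH = re.compile(r"^[A-Za-z0-9_-]+:/(?:[^/\s]+/)*[^/\s]+$")
MIN_GAP = 20  # seconds required between the enable and update commands
ENABLE, UPDATE = "sac enable signature", "sac update signature"

def check_plan(lines):
    """Check 'HH:MM:SS command' lines; return (problems, effective_file)."""
    problems, effective = [], None
    last = {ENABLE: None, UPDATE: None}  # time each command was last run
    for n, line in enumerate(lines, 1):
        stamp, _, cmd = line.strip().partition(" ")
        when = datetime.strptime(stamp, "%H:%M:%S")
        kind = next((k for k in (ENABLE, UPDATE) if cmd.startswith(k)), None)
        if kind is None:
            continue  # unrelated command, nothing to check
        other = last[UPDATE if kind == ENABLE else ENABLE]
        if other is not None:
            gap = (when - other).total_seconds()
            if gap < MIN_GAP:
                problems.append(f"line {n}: only {gap:.0f}s since the paired command, need {MIN_GAP}s")
        last[kind] = when
        if kind == UPDATE:
            path = cmd[len(UPDATE):].strip()
            if not FULL_PATH.match(path):
                problems.append(f"line {n}: '{path}' is not a complete path and file name")
            if not path.endswith(".dat"):
                problems.append(f"line {n}: '{path}' does not use the .dat extension")
            effective = path  # only the last update takes effect
    return problems, effective

# Constructed sample plan (not taken from a real device log).
SAMPLE_PLAN = [
    "10:00:00 sac enable signature",
    "10:00:05 sac update signature sacrule.dat",
    "10:00:40 sac update signature flash:/sacrule.bin",
    "10:01:10 sac update signature flash:/sacrule.dat",
]

if __name__ == "__main__":
    found, active = check_plan(SAMPLE_PLAN)
    for problem in found:
        print(problem)
    print("effective signature file:", active)
```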

Other related questions:
How to configure rate limiting based on the SAC signature database on an AR?
The SAC signature database contains thousands of application protocols. An SAC traffic classifier defines the rule for matching packets. Users configure different SAC traffic classifiers to classify packets, and limit the rate of traffic in the traffic behavior. The traffic policy can then be applied in the inbound or outbound direction on the interface.

Meaning of application protocols in the SAC signature database
You can run the display sa application-list command to view all application protocols in the current SAC signature database. The Description field in the command output gives a detailed description of each application protocol, which explains its meaning.

How to download a signature database on an AR router
A user can obtain an updated IPS signature database from the security center platform (default domain name: after the user purchases a license with the deep security defense function.

Whether the upgrade of the application signature databases on the USG6000 series requires a license
The upgrade of the application signature databases on the USG6000 series does not require a license.

