Whether the bearer protocol of a predefined application that a policy references as a match condition must also be referenced by the policy


Yes. If a predefined application is referenced in a policy as a match condition and the predefined application has a bearer protocol, the bearer protocol must also be referenced in the policy. For example, if BT is referenced in a policy as a match condition, the policy must also reference its bearer protocol, HTTP. For application and bearer protocol information, see http://sec.huawei.com. When you download the SA signature database, you can also download the signature database description file, which describes the relationship between each application and its bearer protocol.

Other related questions:
Query of policy matching logs on the USG6000 series
By checking policy matching logs, you can learn which policies traffic matches and determine whether security policies are correctly configured or achieve the expected effects, which facilitates fault locating.
Context: Only the USG6000 supports policy matching logs, and such logs can be displayed only when a hard disk is installed. For the USG6650/6660/6670/6680, the policy matching log page is displayed regardless of whether hard disks are installed. The firewall is deployed between the Internet and the network to be protected. If traffic matches a security policy, a policy matching log is generated.
Before querying policy matching logs, run the log type policy enable command on the firewall to enable the policy matching log function. Choose Monitor > Log > Policy Matching Log to view policy matching logs. Choose Customize and select or deselect the conditions displayed in policy matching logs. Click Export to export policy matching logs in CSV format to the management PC.

Method used to export policy matching logs on the USG6000
The method used to export policy matching logs on the USG6000 is as follows:
1. Choose Monitor > Logs > Policy Matching Logs.
2. Select Column Customization and select or cancel the conditions displayed in policy matching logs.
3. Click Export to export policy matching logs in CSV format to the administrator's PC.

Security policy matching order on the USG6000 series
When multiple security policies are to be matched, they are matched in a specific order. Therefore, you are advised to configure more fine-grained security policies first.
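Why the order matters, shown as an added example (not Huawei code): it assumes policies are evaluated from the top of the list and that the first match wins. The `Policy` model, rule names and addresses are constructed for illustration.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

# Hypothetical rule model: source/destination networks, a port range, an action.
Policy = namedtuple("Policy", "name src dst ports action")

def covers(a, b):
    """True if every packet that policy b matches is also matched by policy a."""
    return (ip_network(b.src).subnet_of(ip_network(a.src))
            and ip_network(b.dst).subnet_of(ip_network(a.dst))
            and a.ports[0] <= b.ports[0] and b.ports[1] <= a.ports[1])

def first_match(policies, src, dst, port):
    """Name of the first policy in list order that matches the packet
    (assumed first-match semantics)."""
    for p in policies:
        if (ip_address(src) in ip_network(p.src)
                and ip_address(dst) in ip_network(p.dst)
                and p.ports[0] <= port <= p.ports[1]):
            return p.name
    return None  # no policy matched

def shadowed(policies):
    """(later, earlier) pairs where an earlier policy fully covers a later one,
    so the later policy can never be hit."""
    found = []
    for i, later in enumerate(policies):
        for earlier in policies[:i]:
            if covers(earlier, later):
                found.append((later.name, earlier.name))
                break
    return found

# Constructed sample rules (not taken from a real device).
broad = Policy("permit-lan-any", "10.1.0.0/16", "0.0.0.0/0", (1, 65535), "permit")
fine = Policy("deny-guest-ssh", "10.1.50.0/24", "192.0.2.0/24", (22, 22), "deny")

if __name__ == "__main__":
    for order in ([broad, fine], [fine, broad]):
        print([p.name for p in order],
              "-> SSH hit:", first_match(order, "10.1.50.7", "192.0.2.10", 22),
              "| shadowed:", shadowed(order))
```

With the broad rule first, the SSH deny is never reached; with the fine-grained rule first, both rules take effect.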

Whether predefined applications can be modified or deleted
Predefined applications cannot be modified or deleted. You can obtain the latest predefined applications by periodically updating the application signature database.

Whether USG6000 series virtual systems support referencing IPSec at interfaces
No.
