Configuring the scheduled update time for the intrusion prevention signature database

19

The threat signature database is the IPS signature database. By default, the IPS signature database is updated once every week. You can set the scheduled update time of the signature database on the web UI or through the CLI.

Other related questions:
How to update the signature database on the standby firewall
The commands for online signature database updates can be automatically synchronized to the standby firewall. The active and standby firewalls download the latest signature database as scheduled from the security center. Besides, when you manually update the signature database on the active firewall, the update is automatically implemented on the standby firewall.

How to upgrade the SAC signature database on an AR

The signature database file and system software are separated on Huawei devices. So the signature database file can be loaded and upgraded without affecting normal operation of other services. By default, the signature database file is named sacrule.dat, and it cannot be changed. To upgrade the signature database, contact Huawei local offices or engineers.
Note: There must be an interval of at least 20 seconds between running the sac enable signature and sac update signature commands. When specifying the name of a signature database, enter the complete path and file name to ensure that the configuration can be restored. The signature database file must use .dat as the file name extension. When the sac update signature command is run multiple times to update the signature database file, only the last configuration takes effect.
An example is as follows:
<Huawei>system-view
[Huawei] sac update signature flash:/sacrule.dat
Info: The SAC signature lib update successful.

How to configure rate limiting based on the SAC signature database on an AR?
The SAC signature database contains thousands of application protocols. An SAC traffic classifier defines the rule for matching packets. Users configure different SAC traffic classifiers to classify packets, and limit the rate of traffic in the traffic behavior. The traffic policy then can be applied in the inbound or outbound direction on the interface.

Does the intrusion prevention function require a license
Yes. A license is required for updating the intrusion prevention signature database.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top