Hello everyone,
Today I’m going to introduce you whether a bearer protocol needs to be configured for a predefined application.
If a predefined application is referenced in a policy as a match condition and the predefined application has a bearer protocol, the bearer protocol must also be referenced in the policy. For application and bearer protocol information, see http://sec.huawei.com. When you download the SA signature database, you can download the signature database description file to understand the relationship between the application and bearer protocol.
The following describes how to configure a security policy to permit the traffic of the WebMail_Netease.
[sysname] security-policy
[sysname-policy-security] rule name WebMail_Netease_permit
[sysname-policy-security-rule-WebMail_Netease_permit] action permit
[sysname-policy-security-rule-WebMail_Netease_permit] application app WebMail_Netease
Info: please configure the application WebMail_Netease's carrier protocol :HTTP
Info: please configure the application WebMail_Netease's carrier protocol :HTTPS
Info: please configure the application WebMail_Netease's carrier protocol :SSL
The displayed message prompts you to configure the bearer protocols HTTP, HTTPS, and SSL.
[sysname-policy-security-rule-WebMail_Netease_permit] application app HTTP
[sysname-policy-security-rule-WebMail_Netease_permit] application app HTTPS
[sysname-policy-security-rule-WebMail_Netease_permit] application app SSL
[sysname-policy-security-rule-WebMail_Netease_permit] quit
[sysname-policy-security] display this
#
security-policy
default action permit
rule name WebMail_Netease_permit
application app HTTP
application app SSL
application app WebMail_Netease
application app HTTPS
action permit
#
return
This is what I want to share with you, thank you!
