开启DPI导致远程控制软件无法使用

　　1、从故障现像来看可以确定为USG2110-F设备软件版本或配置问题，查看设备版本，确认已经是最新版本。仔细查看配置文件发现配置有DPI，对P2P进行了过滤，试着关闭DPI后测试远程控制软件，可以正常使用。确定问题为DPI导致。 　　2、修改DPI对应的ACL配置文件。允许专网数据，仅对去往Internet报文进行DPI过滤即可。 配置如下： acl number 3000 rule 5 permit ip source 10.10.0.0 0.0.255.255 rule 10 permit ip destination 10.10.0.0 0.0.255.255 rule 15 deny ip # # dpi whole-packet-search enable application gnutella whole-packet-search enable application msn_audio whole-packet-search enable application msn_im whole-packet-search enable application http whole-packet-search enable application https whole-packet-search enable application mms_stream_signal whole-packet-search enable application rtsp whole-packet-search enable application pop3_ssl whole-packet-search enable application wap_connless whole-packet-search enable application wap_conn whole-packet-search enable application ssl whole-packet-search enable application quicktime_streaming whole-packet-search enable application cotp_data whole-packet-search enable application stun whole-packet-search enable application icy whole-packet-search enable application tcp_other relation-detection enable update rule-base server domain sec.huawei.com rule 1 if-match category p2p packet-filter acl-number 3000 rule 2 if-match category peer_casting packet-filter acl-number 3000 #