USG2000 V100R005C00SPC700与早期版本配置DPI的区域

V100R005C00SPC700版本以后配置DPI dpi whole-packet-search enable application gnutella whole-packet-search enable application msn_audio whole-packet-search enable application msn_im whole-packet-search enable application http whole-packet-search enable application https whole-packet-search enable application mms_stream_signal whole-packet-search enable application rtsp whole-packet-search enable application pop3_ssl whole-packet-search enable application wap_connless whole-packet-search enable application wap_conn whole-packet-search enable application ssl whole-packet-search enable application quicktime_streaming whole-packet-search enable application cotp_data whole-packet-search enable application stun whole-packet-search enable application icy whole-packet-search enable application tcp_other relation-detection enable auto save configuration update rule-base server domain sec.huawei.com update rule-base remote period 15 remission-ip 192.168.104.0 mask 24 /免监控IP remission-ip address-set vip /免监控IP identification-range 192.168.0.0 mask 16 /监控IP # template 1 /配置模版 rule 0 if-match category Attack apply deny rule 1 if-match category BotNet apply deny rule 2 if-match category P2P apply deny rule 3 if-match category PeerCasting apply qos-car 100 rule 4 if-match category Worm apply deny # policy 1 /应用模块 policy template 1 # 早期版本： # dpi whole-packet-search enable application gnutella whole-packet-search enable application msn_audio whole-packet-search enable application msn_im whole-packet-search enable application http whole-packet-search enable application https whole-packet-search enable application mms_stream_signal whole-packet-search enable application rtsp whole-packet-search enable application pop3_ssl whole-packet-search enable application wap_connless whole-packet-search enable application wap_conn whole-packet-search enable application ssl whole-packet-search enable application cotp_data whole-packet-search enable application stun whole-packet-search enable application icy relation-detection enable update rule-base server domain sec.huawei.com update rule-base remote period 15 rule 1 if-match category p2p packet-filter acl-number 2000 直接配置Rule应用ACL。 # return