客戶使用(yòng)USG2110-F連接專網和(hé)In≈♣<ternet。客戶專網使用(yòng)定制(zhì)開(kā≠"i)發的(de)遠(yuǎn)程控制(zhì)軟件(♠∏↓jiàn)無法使用(yòng)。但(dàn)換其它品牌≠<® 路(lù)由器(qì)可(kě)以正常使用∏ (yòng)。
無
1、從(cóng)故障現(xiàn)像來(lái)看(kàn)€$★可(kě)以确定為(wèi)USG2110-<φF設備軟件(jiàn)版本或配置問(wèn)題,$₩₹☆查看(kàn)設備版本,确認已經是(shì)最新版本。仔細查看(kàn)配置文≤(wén)件(jiàn)發現(xiàn)配置有(yǒu)DPγ'I,對(duì)P2P進行(xíng)了& £(le)過濾,試著(zhe)關閉DPI後測試遠(yuǎn)程控制(zhì≥ )軟件(jiàn),可(kě)以正常使用(yòng)。确定問(σ₩wèn)題為(wèi)DPI導緻。
2、修改DPI對(duì)應的(de)÷₹ACL配置文(wén)件(jiàn)。允許專網數(s hù)據,僅對(duì)去(qù)往Internet報(bào)文(wα€→®én)進行(xíng)DPI過濾即可(kě)₽←。
配置如(rú)下(xià):
acl number 3000
rule 5 permit ip source 10.10.0.0 0.0★✘ ≥.255.255
rule 10 permit ip destination 10 ∞≤♥.10.0.0 0.0.255.255
rule 15 deny ip
#
#
dpi
whole-packet-search enable applicaλ↑ ≤tion gnutella
whole-packet-search enab₽★le application msn_audi★φαo
whole-packet-search en≈§≠able application msn_im
whole-packet-search enable appli←¶cation http
whole-packet-search enable appliφ cation https
whole-packet-search enable applicaδ≈tion mms_stream_signal
whole-packet-search enable applicaΩ♦$tion rtsp
whole-packet-search enable applica←↑↕tion pop3_ssl
whole-packet-search enable applicat≈↑ion wap_connless
whole-packet-search enab•∏le application wap_conn
whole-packet-search enable ∏©application ssl
whole-packet-search enable applic✔α© ation quicktime_streaming
whole-packet-search enable a↑§pplication cotp_data
whole-packet-search enabl≈&≤™e application stun
whole-packet-search enableγ↓♦♥ application icy
whole-packet-search enable®&↓ application tcp_other
relation-detection enabl>↕β♠e
update rule-base servβ€&∏er domain sec.huawei.'com
rule 1 if-match category p2p packet-f δilter acl-number 3000
rule 2 if-match category peer_casting ✘βpacket-filter acl-number 3000
#
無