Configuring Metadata Detection and Protection Rules
Prerequisites
- The metadata detection function applies only to the USG6603F-C and USG6606F-C.
- The metadata detection function is supported only by the Border Protection and Response Service professional edition package.
Context
Metadata is generated by extracting session and protocol information from original traffic. Huawei Qiankun can intelligently analyze metadata to effectively defend against web attacks (including information disclosure, credential theft, injection, and DoS) and against external connections in which malicious domain names are requested through the DNS protocol.
For important intranet assets, you can configure metadata detection and protection rules as required. Huawei Qiankun receives metadata based on the configured protected network segment and performs threat analysis based on the metadata to better protect important intranet assets.
Metadata collection depends on whether protected network segments are configured:
- For devices configured with protected network segments, the following data is collected:
  - HTTP metadata whose destination IP address is in the protected network segment.
  - DNS metadata whose source IP address is in the protected network segment.
- For devices that are not configured with protected network segments, no metadata is collected.
Procedure
- Log in to the Huawei Qiankun console, and choose .
- Choose in the menu bar.
- Click Create and create a metadata detection and protection rule as prompted.
Figure 1 Creating a metadata detection and protection rule
Table 1 Key parameters
- Parameter: Select Device
  Description: Enter the device SN or device name for fuzzy search and select the device.
- Parameter: Protected Network Segment
  Description:
  - One protected network segment or range can be configured in each line.
  - Lines are separated by carriage returns.
  - The total number of protected IP addresses cannot exceed 65536.
  - Only IPv4 addresses are supported.
  For example:
  127.0.0.1
  127.0.0.1/24
  127.0.0.2-127.0.0.10
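The following pre-check for the Protected Network Segment field is an added example, not Huawei code: it validates the three entry forms, enforces the 65536-address limit, and applies the collection rule from the Context section (HTTP matched by destination, DNS by source). The function names are hypothetical, and it assumes that overlapping entries count once and that host bits in a CIDR entry are ignored; the console may count differently.

```python
import ipaddress

MAX_PROTECTED_ADDRESSES = 65536  # limit stated in Table 1


def parse_segments(text):
    """Parse the field (one entry per line) into merged IPv4 networks."""
    nets = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.strip()
        if not entry:
            continue
        try:
            if "-" in entry:  # range form: first-last
                lo, hi = (ipaddress.IPv4Address(p.strip())
                          for p in entry.split("-", 1))
                nets.extend(ipaddress.summarize_address_range(lo, hi))
            else:
                # Assumption: host bits are ignored, so 127.0.0.1/24
                # means the whole 127.0.0.0/24 network.
                nets.append(ipaddress.IPv4Network(entry, strict=False))
        except ValueError as exc:  # IPv6, typos, reversed ranges
            raise ValueError(f"line {lineno}: {entry!r}: {exc}") from None
    # Assumption: overlapping entries are counted once.
    merged = list(ipaddress.collapse_addresses(nets))
    total = sum(n.num_addresses for n in merged)
    if total > MAX_PROTECTED_ADDRESSES:
        raise ValueError(
            f"{total} addresses exceed the {MAX_PROTECTED_ADDRESSES} limit")
    return merged, total


def is_collected(protocol, src, dst, segments):
    """Collection rule from this page: HTTP by destination, DNS by source."""
    key = {"http": dst, "dns": src}.get(protocol.lower())
    if key is None:
        return False  # other protocols are not described on this page
    addr = ipaddress.IPv4Address(key)
    return any(addr in net for net in segments)


if __name__ == "__main__":
    # The example entries from Table 1; flow addresses are constructed.
    field = "127.0.0.1\n127.0.0.1/24\n127.0.0.2-127.0.0.10"
    segments, total = parse_segments(field)
    print(segments, total)
    print(is_collected("http", "203.0.113.5", "127.0.0.7", segments))
    print(is_collected("dns", "203.0.113.5", "127.0.0.7", segments))
```

Under these assumptions the three example entries collapse to one /24, which is a quick way to spot redundant lines before saving a rule.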
Follow-up Procedure
After creating a metadata detection and protection rule, you can perform the following operations:
- Modify: Click Modify in the Operation column to modify an existing metadata detection and protection rule. You can modify only the protected network segment; you cannot specify another device.
- Delete: Click Delete in the Operation column to delete an existing metadata detection and protection rule.