Library Files

This section describes how to load and update the IP reputation database and region identification signature database.

Configuring the FTP Server

Before managing library files, configure FTP.

  1. Choose Defense > Network Settings > Devices

  2. Click in the Operation column on the right of the AntiDDoS to access the Modify Management Protocol window.

  3. Click the FTP tab to complete the SFTP configuration.

    The SFTP user name and password must be pre-set on the AntiDDoS and the same as those configured on the ATIC management center.

    The passwords must meet the minimum complexity requirement. That is, the passwords must contain at least three of the following, including upper-case letters (A to Z), lower-case letters (a to z), digits (0 to 9), and special characters (such as !, #, $, and %). You must change the passwords periodically.

    SFTP is more secure than FTP. To secure data transmission, use SFTP to transfer files.

Management Operations

Choose Defense > Public Settings > Library File to manage library files.

Deploy

Click to deploy the selected library file to the AntiDDoS.

Import
  1. Click .

  2. In the Import window, click upload, select the library file, and click OK.

    The file name of the IP location information database must be in the format of location_sdb*.zip or REGION_H*.zip. The file name of the IP reputation database must be in the format of IPRPU_H*.zip.

    Imported library files are displayed in the library file list.

    NOTE:

    If the library file is downloaded from the Huawei security platform (sec.huawei.com), the device type is the product name selected on the corresponding web page. If the library file is synchronized from the ATIC, the name of the library file synchronized contains the device type.

Export
  1. Select a library file and click .
  2. In the displayed file download window, click Save to save the file locally or click Open to view the file.

Delete

  • Delete one IP address description:

    Click in the Operation column on the right of an IP address description to delete the description.

  • Delete library file in batches:

    Select the check boxes of multiple library files and click above the list to delete the selected library files.

    Select the check box on the title bar and click above the list to delete all library file.

NOTE:

Only Undeployed library files can be directly deleted. If a library file has been successfully or partially deployed, it cannot be deleted. To delete a deployed library file, load another library file of the same type. The newly loaded library file overwrites the deployed one and is in Undeployed state. Then, you can delete this file.

Synchronize
  • Click to download the latest library file from the secure cloud center to the ATIC management center.
  • Select a library file and click to enable the automatic library file synchronization function so that the latest library file can be automatically downloaded from the secure cloud center to the ATIC management center. If the downloaded database files contain an IP reputation database file, the IP reputation database file will be automatically deployed on the AntiDDoS device.
  • Select a library file and click to disable the automatic library file synchronization function.

Ensure that the secure cloud center and ATIC management center are reachable.

NOTE:
  • When the device can directly access the update center, configure security policies as follows:
    • Set the source security zone to Local.
    • Permit HTTP and FTP. HTTP is used by the AntiDDoS to interact with the security center, and FTP is used to connect to FTP control channels for downloading signature database files.
    • Permit user-defined service traffic, with the protocol being TCP and destination port ranging from 10001 to 10005 (for connecting to FTP data channels).
  • When the device accesses the update center through the proxy server, configure security policies as follows:
    • Set the source security zone to Local.
    • Permit HTTP so that the AntiDDoS can interact with the proxy server.
  • Before updating a signature database, check whether the space available in the device root directory is sufficient. The space required for updating a signature database is as follows:
    • IP reputation library (IPRPU): The space required is no smaller than 80 MB.

Manually Updating Signature Database Files

If a signature database file fails to be automatically updated, perform as follows to manually update a signature database file:

  1. Download update files.

    1. Log in to Huawei security platform (sec.huawei.com) and choose Signature Update > Signature Update.

    2. Select a product type, name, and version.

    3. Click the tab of the signature database to be updated.

    4. Download the signature database file.

      Click the download icon on the right and download the signature database file on the detail information page. The signature database files are in ZIP format. You can upload them directly to the ATIC without decompressing them.

      Certain signature database files provide auxiliary files that further describe signature database or version changes for your reference.

  2. Choose Defense > Public Settings > Library File and click .

  3. On the Import page, click Browse, select the latest downloaded signature database file, and click OK. The imported signature database file is displayed in the signature database file list.

  4. Click to deploy the selected signature database file to the anti-DDoS device.

  5. If the deployment succeeds, the value of Deploy Status is Deploy succeeded.

Parent topic: Configuring the Zone-based Defense Policy
Copyright © Huawei Technologies Co., Ltd.