Cloud Cleaning

This section describes how to configure cloud cleaning policies.

Configuring Cloud Cleaning Policies

  1. Choose Defense > Policy Settings > Cloud Clean > Cloud Clean Policy List.

  2. Click and specify a cloud cleaning service provider in Configure.

    Operation

    Parameter

    Description

    Cloud Clean Configure

    Service provider
    • Cloud Mitigation Alliance
    • None

    Cleaning mode
    • Auto: When traffic exceeds the threshold, a cloud cleaning policy is automatically generated and implemented.
    • Manual: When traffic exceeds the threshold, a cloud cleaning policy is generated but not automatically implemented. You need to manually implement the cloud cleaning policy.

    IP state

    Top N traffic statistics are collected based on the status of IP addresses.

    • Abnormal/Attack: Top N traffic statistics are collected based on abnormal/attack IP addresses.
    • All: Top N traffic statistics are collected based on all IP addresses.

    Single IP incoming traffic threshold

    Top N traffic statistics are collected if the incoming traffic to the destination IP address reaches the threshold.

    Incoming traffic TOPN

    Set the top N value.

    IP white list

    Cloud cleaning is not implemented for whitelisted IP addresses.

    Single Device Threshold

    Device

    The cloud cleaning service is triggered when the incoming traffic reaches the configured threshold.

    Threshold

    Parameter Settings

    Defense action
    • Clean
    • Block

    Cancel delay duration

    Interval between the time at which canceling the cloud mitigation task is confirmed and the time at which canceling the task is actually started.

    URL

    Set the cloud service address provided by the ISP.

    Auth Account

    Set the user name that the cloud service provider provides for users.

    Auth key

    Set the cloud service password.

    The passwords including letters, digits (0 to 9), and special characters (such as !, #, $, and %). You must change the passwords periodically.

    Select certificate

    Certificate provided by a server for users. Select a certificate from the drop-down list box.

    NOTE:

    Before setting this parameter, manually download and create a cloud cleaning certificate. For details, see Certificate Management.

    To download the cloud cleaning certificate, visit https://openapi.nexusguard.com/.
  3. Click OK.

  4. After the configuration is complete, if the incoming traffic exceeds the threshold, the cloud cleaning policy is automatically triggered.

    You can also manually implement the cloud cleaning policy by selecting the check box of the cloud cleaning policy in Cloud Clean Policy List and clicking above the list.

Adding Static Cloud Cleaning Policies

  1. You can click in Cloud Clean Policy List to manually add static cloud cleaning policies.

    Parameter

    Description

    Service provider

    Cloud Mitigation Alliance

    IP/Mask

    Set the destination IP address and subnet mask to which the cloud cleaning policy is applied.

    • If Defense action is set to Clean, you can enter an IP address segment with a 24-bit mask.
    • If Defense action is set to Block, you must enter a single IP address with a 32-bit mask.

    Defense action
    • Clean
    • Block

    Manually added cloud cleaning policies cannot be automatically cleared. You need to manually delete them from the Cloud Clean Policy List.

  2. Click OK.

Set Protected IP Address

  1. You can click in Set Protected IP Address.

    Parameter

    Description

    IP/Mask

    IP address protected by the Cloud Mitigation Alliance. When the Cloud Mitigation Alliance service, the Mask range of 16-24.

    Traffic Injection Device

    You can select more than one traffic injection device.
  2. Click OK.
Parent topic: Cloud Cleaning
Copyright © Huawei Technologies Co., Ltd.