Syntax keywords and variables – Amer Networks WLO220T CLI User Manual
Page 30
. . . . .
C O M M A N D D E S C R I P T I O N S
dpi
CLI Reference Guide
27
dpi
Use the dpi commands to create and mange signatures, group signatures into profiles and enable
the use of the profiles.
A signature is a description of a characteristic of a connection. The description may include the
ports that the connection uses as well as a string (or pattern) found in the packets used to set up
the connection. Freedom9 provides an initial list of signatures that are commonly seen and
also allows customer signatures to be added. The signatures provided cannot be modified or
removed.
A profile is a way to group signatures together. This allows each signature to be fairly simple while
still allowing a description of more complicated connections. For example a connection that could
be created using UDP with one pattern and TCP with a different pattern can be represented with
one profile that includes two signatures. It also allows different types of connections to be grouped
together and treated similarly, such as declaring that two different types of p2p connections
should be either permitted or rejected.
To make use of a profile, the dpi function must be enabled and a policy that references the profile
must be created. (See the
policy
command section on page 55 for more information).
Syntax
Keywords and Variables
profile-name
get dpi profile [profile-name]
set dpi profile profile-name
get
get dpi
get dpi profile [profile-name]
get dpi signature [signature-name]
set
set dpi profile profile-name
[
alert aggr-band-alert] |
[
add signature signature-name alert conn-band-alert] |
[
delete signature signature-name]
set dpi signature signature-name
{
patternascii | patternhex} pattern
[
offset offset-value]
protocol {tcp | udp }
[
port port-range
[
flags flags-value ]]
set dpi enable
exec
exec dpi from tftp ipaddr filename [prompt]
unset
unset dpi signature signature-name
unset dpi enable
unset dpi profile profile-name [alert]