H3C MSR Series Command Reference Manual page 988
Comware 7 security
Hide thumbs
Also See for MSR Series:
- Command reference manual (174 pages) ,
- Configuration manual (80 pages) ,
- Manual (33 pages)
Table of Contents
Advertisement
inspect app-profile-name: Applies a DPI application profile to the packets that match the rule. The
app-profile-name argument represents the DPI profile name, a case-insensitive string of 1 to 100
characters. The string can contain only letters, digits, and underscores (_).
The following matrix shows the inspect app-profile-name option and hardware compatibility:
Hardware
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-
10-PoE/810-LM-HK/810-W-LM-HK
MSR2600-10-X1
MSR 2630
MSR3600-28/3600-51
MSR3600-28-SI/3600-51-SI
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-D
P-DC
MSR 3610/3620/3620-DP/3640/3660
MSR5620/5660/5680
source-ip object-group-name: Specifies a source IPv4 address object group by its name, a
case-insensitive string of 1 to 31 characters.
source-ip any: Specifies all source IPv4 address object groups.
destination-ip object-group-name: Specifies a destination IPv4 address object group by its name, a
case-insensitive string of 1 to 31 characters.
destination-ip any: Specifies all destination IPv4 address object groups.
service object-group-name: Specifies a service object group by its name, a case-insensitive string of
1 to 31 characters.
service any: Specifies all service object groups.
vrf vrf-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31
characters. If you do not specify this option, the command applies to packets of the public network.
application application-name: Specifies an application by its name, a case-insensitive string of 1 to
63 characters. The invalid and other applications are not supported.
app-group app-group-name: Specifies an application group by its name, a case-insensitive string of
1 to 63 characters. The invalid and other application groups are not supported.
counting: Enables match counting for the rule in an IPv4 object policy. By default, rule match
counting is disabled.
disable: Disables the IPv4 object policy rule.
logging: Logs the packets that match the rule.
time-range time-range-name: Specifies a time range by its name, a case-insensitive string of 1 to 32
characters. If the specified time range does not exist, the system creates the rule and prompts you to
configure the time range. The rule takes effect after you set the time range. For more information
about time range configuration, see ACL and QoS Configuration Guide.
Usage guidelines
If the specified rule ID does not exist, this command creates a rule. Otherwise, this command
changes the configuration of the specified rule.
The rule matches all IPv4 packets if no criteria are specified.
Option compatibility
Yes
Yes
Yes
Yes
No
Yes
Yes
Yes
965
Advertisement
Table of Contents
