How to force content and application detection from hardware to software on the PA-5000 Series?
Created On 04/30/19 13:20 PM - Last Modified 03/26/21 17:39 PM
Objective
This article explains how to force content and application detection from hardware to software on the PA-5000 Series.
Environment
PA-5000 Series firewall
Procedure
By default, the AHO and DFA algorithms, used for threat and DLP (Data Loss Prevention) detection and for application detection respectively, run in hardware:
PA-5020> debug dataplane fpga state
DP dp0:
aho offload setup
  Use offload
  Minimum Threshold for using offload: 32 bytes
  Maximum Threshold for using offload: 9900 bytes
  Max. outstanding request to offloading: 1024
  Current outstanding request to offloading: 0
<SNIP>
dfa offload setup
  Use offload
  Minimum Threshold for using offload: 48 bytes
  Maximum Threshold for using offload: 9900 bytes
  Max. outstanding request to offloading: 1024
  Current outstanding request to offloading: 0
  appsig bitmask in offload 0x0
  token bitmask in offload 0x10000 (cur idx 1)
<SNIP>
DP dp1:
aho offload setup
  Use offload
  Minimum Threshold for using offload: 32 bytes
  Maximum Threshold for using offload: 9900 bytes
  Max. outstanding request to offloading: 1024
  Current outstanding request to offloading: 0
<SNIP>
dfa offload setup
  Use offload
  Minimum Threshold for using offload: 48 bytes
  Maximum Threshold for using offload: 9900 bytes
  Max. outstanding request to offloading: 1024
  Current outstanding request to offloading: 0
<SNIP>
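Running AHO and DFA in hardware (FPGA) by default reduces the load on the dataplane (software). However, if a suspected issue requires isolating the hardware (FPGA), processing can be forced onto the dataplane (software) as follows: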
PA-5020> debug dataplane fpga set ?
> sw_aho    Use only software for aho and dlp
> sw_dfa    Use only software for dfa

PA-5020> debug dataplane fpga set sw_aho yes
DP dp0:
DP dp1:

PA-5020> debug dataplane fpga set sw_dfa yes
DP dp0:
DP dp1:

PA-5020> debug dataplane fpga state
DP dp0:
aho offload setup
  Use software only
dfa offload setup
  Use software only
DP dp1:
aho offload setup
  Use software only
dfa offload setup
  Use software only
Forcing AHO and DFA to run in software may increase dataplane CPU. After careful observation, the setting can be kept or reverted:
PA-5020> debug dataplane fpga set sw_aho no
PA-5020> debug dataplane fpga set sw_dfa no
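
The state output lists each dataplane (dp0, dp1) and each engine (aho, dfa) separately, so it is worth confirming that all of them are in the intended mode after a change or a revert. The Python below is an added example, not Palo Alto Networks code: it assumes the "debug dataplane fpga state" output format shown in this article, the function names are hypothetical, and the sample text is constructed.

```python
import re

# Constructed sample, modelled on the output format shown in this article:
# dp0 is fully in software, dp1 still has aho offloaded to the FPGA.
SAMPLE_MIXED = """\
DP dp0:
aho offload setup
  Use software only
dfa offload setup
  Use software only
DP dp1:
aho offload setup
  Use offload
  Minimum Threshold for using offload: 32 bytes
  Maximum Threshold for using offload: 9900 bytes
dfa offload setup
  Use software only
"""

DP_RE = re.compile(r"DP (dp\d+):")
ENGINE_RE = re.compile(r"\b(aho|dfa) offload setup\s+Use (software only|offload)")

def parse_fpga_state(text):
    """Return {dp: {engine: 'hardware' | 'software'}} from the state output."""
    state = {}
    parts = DP_RE.split(text)  # [preamble, 'dp0', body0, 'dp1', body1, ...]
    for dp, body in zip(parts[1::2], parts[2::2]):
        state[dp] = {
            eng: "software" if mode == "software only" else "hardware"
            for eng, mode in ENGINE_RE.findall(body)
        }
    return state

def check_mode(text, expected):
    """List (dp, engine, actual) entries that are not in the expected mode."""
    problems = []
    for dp, engines in parse_fpga_state(text).items():
        for eng in ("aho", "dfa"):
            actual = engines.get(eng, "missing")
            if actual != expected:
                problems.append((dp, eng, actual))
    return problems

if __name__ == "__main__":
    for dp, eng, actual in check_mode(SAMPLE_MIXED, "software"):
        print(f"{dp}: {eng} is {actual}, expected software")
```

Pass "hardware" as the expected mode to confirm the revert took effect on every dataplane.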