XII. Firewall/Security Features

App Enforcement Signature Upgrade Facility

Products:
Vigor 2620Ln
Vigor 2760
Vigor 2762
Vigor 2765
Show all

Keywords:
APPE
App Enforcement
WCF

The Application Enforcement feature is part of the DrayTek router's Content Security Management feature set. This allows the router to identify specific traffic types such as tunneling or proxy software and block it if required, this has been updated with each firmware version, often adding new types of traffic that can be blocked or updating the types of traffic as the protocols could change over time.

From firmware versions 3.7.6 on the Vigor 2925 Series and 3.7.8 on the Vigor 2860 Series, the Application Enforcement - Content Security Management feature is able to update the App Enforcement Signatures independently from the router's firmware. Updates via signatures gives a great advantage in that the APP Enforcement detection can be updated to help detect newer Apps or updated versions as soon as a new signature is available for download; It doesn't need to wait for the next formal release of the router firmware to be made available.

This requires registering the router with DrayTek's MyVigor service, which is used to activate licenses on the router, which now includes the license for App Enforcement. Once the acount has been setup the one year licence can be activated and allows the router to download and update the Application Enforcement Signatures.


The router's [CSM] - [App Enforcement Profile] page will show the current status of the license, in this example it has not been activated yet and this means that the router will not be able to update the App Enforcement signature files when new ones are released.

To start the process of activating the license, click the Activate button on that page which will go to the MyVigor website in another browser window:

If you haven't set up an account on the MyVigor site, this guide covers the initial set up.


On the MyVigor site, go to the [My Information] - [My Product] page, which will show routers currently connected to the account. Click the Add button which is above that table on the right to add the router to the account.

Once it has been added, select that router from the list by clicking the link with its serial number:

That will show the items that can be activated on the router, in this case, click the Action button for the APPE license, to start the activation process.


The next page will show the terms and conditions for activating the license; tick to accept the EULA and click Next to proceed:

It will then show the time that the license should be active from, which will default to the current date. If that is suitable, click the Register button to proceed:


The MyVigor site will then complete the license activation procedure and reload the router's web interface, go to the [CSM] - [App Enforcement Profile] page to check the license status, which should now show as being activated:

This makes it possible to update the Application Enforcement Signature on the router.


Go to the [CSM] - [APPE Signature Upgrade] page to check the status of which APPE signature is currently loaded on the router and which one is available.

To update manually, click the Download button which will download the new signature to the router and show the release notes for it.

To update automatically, first of all set the Upgrade via interface option if the router needs to use a specific WAN interface for the updates, otherwise it will update over any available WAN interface.
Tick the Schedule Update tickbox to enable the feature and select the interval to update, based on either Hours, Daily or Weekly at the specified time.

Click OK on that page to apply the change.


How do you rate this article?

1 1 1 1 1 1 1 1 1 1