
Security Settings

Updated: 2026-01-08

4.6.5.1 Alerts

Function Description

aSecurity detects security events on VMs in real time, such as brute-force attacks, WebShell backdoors, ransomware, and Trojans. Then, it sends emails to the email address you specified to notify you of the detected security events.

Prerequisites

You have configured the Simple Mail Transfer Protocol (SMTP) server.

Precautions

aSecurity does not support alert notifications via SMS.

Steps

  1. Go to Security Settings > Alert Settings and click Change Email Address. On the page that appears, click New and select aSecurity Alert. For more information about alert settings, see section 4.12.4.2 "Alerts."

  2. If the platform detects a security event or a vulnerability event, it sends an alert email to the email address you specified, according to the alert conditions you set.

Security event alerts: You can set the maximum number of alert emails, which ranges from 1 to 1,000.

Vulnerability alerts: You can set Vulnerability Type and Alert Frequency. If you select Real-Time for Alert Frequency, you can set the maximum number of alert emails, which ranges from 1 to 1,000.

  3. Click Save.

4.6.5.2 Signature Database Update

Function Description

aSecurity supports automatic and manual updates of the web vulnerability signature database and the IPS database, so that new threats are identified and blocked in a timely manner.

Prerequisites

The edge-connected interface of the aSecurity VM can connect to the following WAN servers, or the .zip file of the latest signature database has been obtained.

Cloud firewall signature databases:

Guangdong: upd.sangfor.com.cn

Hong Kong: upd.snagfor.com

Manual update: https://sec.sangfor.com.cn/index/abroad?lang=EN-US

Precautions

N/A

Steps

Go to aSecurity > Security Settings > Signature Database Update. On the page that appears, you can view the information of current signature databases, including Name, Current Version, Latest Version, and Update Time. You can perform operations such as online updates, manual import, and rollback.

4.6.5.3 Blacklist and Whitelist

Function Description

aSecurity supports blacklist management for attack protection or brute-force attack events and whitelist management for IP addresses, VMs, security policies, or threat events.

Prerequisites

Allocate a quota and enable aSecurity for a tenant before creating a blacklist and whitelist for the tenant.

Precautions

  1. For the permanent blacklist, you can configure up to 2,048 items.
  2. For the rule whitelist, you can configure up to 2,048 items.
  3. For the VM/IP whitelist, you can configure up to 2,048 items.
  4. When creating a blacklist or whitelist, you can specify the impact scope, resource pool, and tenant VPC network.

Steps

  1. On the Permanent Blacklist tab, add or remove source IP addresses related to attack protection events and remove those related to brute-force attack events as needed.

  2. On the Rule Whitelist tab, add, remove, enable, or disable the enabled web vulnerability protection or IPS policies as needed.

  3. On the VM/IP Whitelist tab, add or remove source IP addresses and destination IP addresses/VMs related to attack protection events and remove those related to brute-force attack events as needed.

  4. On the File Whitelist tab, remove trusted threat events as needed, which will also remove files with the same MD5 value.

4.6.5.4 Troubleshooting

Function Description

This feature allows you to troubleshoot network disconnections or service or application inaccessibility on aSecurity. Currently, precise traffic analysis and global passthrough modes are supported.

Precise traffic analysis: Packets dropped by the firewall policy are collected according to the rules you specify and can be used to analyze blocked access.

Global passthrough: No firewall policy takes effect within the specified scope. Use this mode when you cannot identify which firewall policy is blocking business access. It disables global firewall policies to ensure the proper connection of the business network.

Prerequisites

N/A

Precautions

  1. Precise traffic analysis will be automatically disabled 1 hour after it is enabled.
  2. You can start only one precise traffic analysis task at a time.

Steps

  1. Precise traffic analysis (recommended): Go to Security Settings > Troubleshooting, select Precise Traffic Analysis for Mode, set Source IP or Destination IP, select Protocol and Impact Scope, and click Enable.

  2. Global passthrough (use with caution): Go to Security Settings > Troubleshooting, select Global Passthrough for Mode, select Impact Scope, and click Enable.

4.6.5.5 aSecurity Upgrade

Function Description

This section describes how to upgrade aSecurity.

Prerequisites

The latest service pack or upgrade package has been obtained.

Precautions

  1. You can install up to 10 service packs for a version.
  2. You can roll back one service pack at a time, in reverse order of the upgrade sequence.
  3. Upgrade and rollback use a cold start, that is, the aSecurity VM is restarted.
  4. If the upgrade or rollback is interrupted, the service pack is rolled back automatically.

Steps

Go to Security Settings > aSecurity Upgrade, click Upgrade or Roll Back, and perform operations as instructed.

4.6.5.6 Remote Maintenance

Function Description

You can contact technical support for remote diagnostics, troubleshooting, and fixing to improve system performance or recover businesses.

Prerequisites

N/A

Precautions

The SSH port is automatically disabled 4 hours after it is enabled.

Steps

Go to Security Settings > Remote Maintenance and click Enable SSH Port. Then, aSecurity can be remotely maintained via SSH.