How To Trouble Shoot The False Positive And False Negative Cases; What's The Difference Between Inline, Monitor And Bypass Mode - ZyXEL Communications ZYWALL IDP 10 Support Notes

Intrusion detection prevention appliance
IDP Support Notes
9600 bps baud rate
N81 data format (no parity, 8 data bits, 1 stop bit)
The baud rate of the IDP 10 is fixed and cannot be changed.

How to troubleshoot false positive and false negative cases?

Capture the problematic packets with the following steps and send the packet
trace to ZyXEL support:
Prepare a PC with packet capturing software (Ethereal is a free download from
http://www.ethereal.com).
Synchronize the clocks on the PC and the IDP, so that capture timestamps can be
matched against IDP log entries.
Connect the PC to the IDP-10 interface on which the problematic packets arrive.
Watch the IDP log for the false positive or false negative entries, and save the
packets captured by Ethereal at that timestamp.
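The last two steps are a correlation job: pick the frames in the capture whose timestamps fall around each IDP log entry, and package only those for support. The script below is an added example, not part of the ZyXEL notes; it assumes an invented log line format ("YYYY-MM-DD HH:MM:SS message", since the real IDP-10 log format is not shown on this page) and builds a small constructed pcap in memory instead of reading one saved by Ethereal. The clock_offset parameter shows why the calibration step matters: if the PC clock is ahead of the IDP clock, the wrong frames are selected unless the offset is corrected.

```python
"""Correlate IDP log entries with a packet capture (constructed example, not ZyXEL code)."""
import struct
from datetime import datetime, timezone

PCAP_MAGIC = 0xA1B2C3D4  # classic pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1


def write_pcap(packets):
    """Serialize (timestamp, frame_bytes) pairs into a classic little-endian pcap image."""
    out = bytearray(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET))
    for ts, frame in packets:
        sec = int(ts)
        usec = int(round((ts - sec) * 1_000_000))
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame))
        out += frame
    return bytes(out)


def read_pcap(data):
    """Parse a classic pcap image (either byte order); returns [(timestamp, frame_bytes)]."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:  # file was written big-endian
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    packets = []
    off = 24  # global header length
    while off + 16 <= len(data):
        sec, usec, incl_len, _orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) != incl_len:
            raise ValueError("truncated pcap record")
        off += incl_len
        packets.append((sec + usec / 1_000_000, frame))
    return packets


def parse_idp_log(text):
    """Parse constructed log lines 'YYYY-MM-DD HH:MM:SS message' into [(timestamp, message)].

    Assumption: this format is invented for the example; adapt the strptime pattern
    to whatever the IDP log export actually looks like. Timestamps are taken as UTC.
    """
    events = []
    for line in text.strip().splitlines():
        date, time_, msg = line.strip().split(maxsplit=2)
        ts = datetime.strptime(f"{date} {time_}", "%Y-%m-%d %H:%M:%S")
        events.append((ts.replace(tzinfo=timezone.utc).timestamp(), msg))
    return events


def packets_for_events(packets, events, clock_offset=0.0, window=1.0):
    """Map each log message to the frames captured within +/- window seconds of it.

    clock_offset = (PC clock) - (IDP clock) in seconds. With calibrated clocks it is 0;
    otherwise it shifts the IDP timestamp into the capture's time base before matching.
    """
    result = {}
    for ev_ts, msg in events:
        pc_ts = ev_ts + clock_offset
        result[msg] = [(ts, frame) for ts, frame in packets if abs(ts - pc_ts) <= window]
    return result


# Constructed sample data: two alerts and four frames around them.
_BASE = datetime(2004, 3, 15, 10, 22, 30, tzinfo=timezone.utc).timestamp()
SAMPLE_LOG = """
2004-03-15 10:22:31 IDP alert: HTTP suspicious URI (constructed event A)
2004-03-15 10:22:40 IDP alert: ICMP oversized packet (constructed event B)
"""
SAMPLE_CAPTURE = write_pcap([
    (_BASE + 0.8, b"constructed frame 1: GET /sample.cgi"),
    (_BASE + 1.5, b"constructed frame 2: HTTP/1.0 200 OK"),
    (_BASE + 5.0, b"constructed frame 3: unrelated traffic"),
    (_BASE + 10.3, b"constructed frame 4: ICMP echo, large"),
])


def evidence_for_support(capture_bytes, log_text, clock_offset=0.0, window=1.0):
    """Return {message: pcap_bytes} with only the frames relevant to each alert."""
    hits = packets_for_events(read_pcap(capture_bytes), parse_idp_log(log_text), clock_offset, window)
    return {msg: write_pcap(frames) for msg, frames in hits.items()}


if __name__ == "__main__":
    for msg, pcap in evidence_for_support(SAMPLE_CAPTURE, SAMPLE_LOG).items():
        print(f"{msg}: {len(read_pcap(pcap))} frame(s) selected")
```

Keep the window narrow once the clocks are synchronized; a wide window on a busy link pulls in unrelated frames and makes the false positive harder for support to reproduce.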

What's the difference between Inline, Monitor and Bypass mode?

Inline: ZyWALL IDP is in action. It detects suspicious or malicious packets passing
through it and, depending on the action policy, logs, drops, or blocks them.
Monitor: ZyWALL IDP inspects all traffic passing through it and logs detections, but
does not block any packets. Think of it as a surveillance camera. It is recommended to
run ZyWALL IDP in monitor mode when you first install it in your network, so that you
can identify and correct any "false positive" or "false negative" detections before
switching to inline mode.
Bypass: ZyWALL IDP neither detects nor blocks any traffic; packets pass through uninspected.
All contents copyright (c) 2004 ZyXEL Communications Corporation.
