ZyXEL Communications ZyWALL USG 1000 User Manual page 871

IDP is dropping traffic that matches a rule that says no action should be taken.
The ZyWALL checks all signatures and continues searching even after a match is
found. If two or more rules have conflicting actions for the same packet, then the
ZyWALL applies the more restrictive action (reject-both, reject-receiver or
reject-sender, drop, none in this order). If a packet matches a rule for reject-
receiver and it also matches a rule for reject-sender, then the ZyWALL will
reject-both.
I uploaded a custom signature file and now all of my earlier custom signatures are
gone.
The name of the complete custom signature file on the ZyWALL is 'custom.rules'.
If you import a file named 'custom.rules', then all custom signatures on the
ZyWALL are overwritten with the new file. If this is not your intention, make sure
that the files you import are not named 'custom.rules'.
I cannot configure some items in IDP that I can configure in Snort.
Not all Snort functionality is supported in the ZyWALL.
The ZyWALL's performance seems slower after configuring ADP.
Depending on your network topology and traffic load, applying an anomaly profile to
each and every packet direction may affect the ZyWALL's performance.
The ZyWALL routes and applies SNAT for traffic from some interfaces but not
from others.
The ZyWALL automatically uses SNAT for traffic it routes from internal interfaces
to external interfaces. For example LAN to WAN traffic. You must manually
configure a policy route to add routing and SNAT settings for an interface with the
Interface Type set to General. You can also configure a policy route to override
ZyWALL USG 1000 User's Guide
Chapter 56 Troubleshooting
875