ZyXEL Communications ZyWALL USG 2000 User Manual page 875

The ZyWALL's performance seems slower after configuring IDP.
Depending on your network topology and traffic load, binding every packet
direction to an IDP profile may affect the ZyWALL's performance. You may want to
focus IDP scanning on certain traffic directions such as incoming traffic.
IDP is dropping traffic that matches a rule that says no action should be taken.
The ZyWALL checks all signatures and continues searching even after a match is
found. If two or more rules have conflicting actions for the same packet, then the
ZyWALL applies the more restrictive action (reject-both, reject-receiver or
reject-sender, drop, none in this order). If a packet matches a rule for reject-
receiver and it also matches a rule for reject-sender, then the ZyWALL will
reject-both.
I uploaded a custom signature file and now all of my earlier custom signatures are
gone.
The name of the complete custom signature file on the ZyWALL is 'custom.rules'.
If you import a file named 'custom.rules', then all custom signatures on the
ZyWALL are overwritten with the new file. If this is not your intention, make sure
that the files you import are not named 'custom.rules'.
I cannot configure some items in IDP that I can configure in Snort.
Not all Snort functionality is supported in the ZyWALL.
The ZyWALL's performance seems slower after configuring ADP.
Depending on your network topology and traffic load, applying an anomaly profile to
each and every packet direction may affect the ZyWALL's performance.
ZyWALL USG 2000 User's Guide
Chapter 56 Troubleshooting
875