Creating New Profiles; Procedure To Create A New Profile - ZyXEL Communications ZyWall USG 2000 User Manual

Chapter 31 IDP
Click a column's heading cell to sort the table entries by that column's criteria.
Click the heading cell again to reverse the sort order.
Figure 351 Anti-X > IDP > Profile
The following table describes the fields in this screen.
Table 146 Anti-X > IDP > Profile
LABEL
Name
Base Profile
Add icon

31.5 Creating New Profiles

You may want to create a new profile if not all signatures in a base profile are
applicable to your network. In this case you should disable non-applicable
signatures so as to improve ZyWALL IDP processing efficiency.
You may also find that certain signatures are triggering too many false positives or
false negatives. A false positive is when valid traffic is flagged as an attack. A false
negative is when invalid traffic is wrongly allowed to pass through the ZyWALL. As
each network is different, false positives and false negatives are common on initial
IDP deployment.
You could create a new 'monitor profile' that creates logs but all actions are
disabled. Observe the logs over time and try to eliminate the causes of the false
alarms. When you're satisfied that they have been reduced to an acceptable level,
you could then create an 'inline profile' whereby you configure appropriate actions
to be taken when a packet matches a signature.

31.5.1 Procedure To Create a New Profile

To create a new profile:
494
DESCRIPTION
This is the name of the profile you created.
This is the base profile from which the profile was created.
Click the Add icon in the column header to create a new profile. A pop-up
screen displays requiring you to choose a base profile from which to create
the new profile.
Click an Edit icon to edit an existing profile.
Click a Remove icon to delete an existing profile.
ZyWALL USG 2000 User's Guide