31.8.3 Applying Custom Signatures
After you create your custom signature, it becomes available in the IDP service
group category in the IDP > Profile > Packet Inspection screen. Custom
signatures have an SID from 9000000 to 9999999.
You can activate the signature, configure what action to take when a packet
matches it and if it should generate a log or alert in a profile. Then bind the profile
to a zone.
Figure 364 Example: Custom Signature in IDP Profile
31.8.4 Verifying Custom Signatures
You should configure the signature to create a log when an 'attack packet'
matches the signature. (You may also want to configure an alert if the attack is
more serious and needs more immediate attention.) After you apply the signature
to a zone, you can see if it works by checking the logs (Maintenance > Logs >
View Log).
All IDP signatures come under the IDP category. The Priority column shows
warn for signatures that are configured to generate a log only. It shows critical
for signatures that are configured to generate a log and alert. count is the
number of attacks that occurred at that time. The Note column displays ACCESS
FORWARD when no action is configured for the signature. It displays ACCESS
ZyWALL USG 2000 User's Guide
Chapter 31 IDP
517