Creating New Adp Profiles; Traffic Anomaly Profiles - ZyXEL Communications ZyWall USG 2000 User Manual
Unified security gateway
Hide thumbs
Also See for ZyWall USG 2000:
- User manual (1114 pages) ,
- Manual (964 pages) ,
- Support notes (227 pages)
Table of Contents
Advertisement
The following table describes the fields in this screen.
Table 158 Anti-X > ADP > Profile
LABEL
Name
Base Profile
Add icon
32.3.3 Creating New ADP Profiles
You may want to create a new profile if not all rules in a base profile are applicable
to your network. In this case you should disable non-applicable rules so as to
improve ZyWALL ADP processing efficiency.
You may also find that certain rules are triggering too many false positives or false
negatives. A false positive is when valid traffic is flagged as an attack. A false
negative is when invalid traffic is wrongly allowed to pass through the ZyWALL. As
each network is different, false positives and false negatives are common on initial
ADP deployment.
You could create a new 'monitor profile' that creates logs but all actions are
disabled. Observe the logs over time and try to eliminate the causes of the false
alarms. When you're satisfied that they have been reduced to an acceptable level,
you could then create an 'inline profile' whereby you configure appropriate actions
to be taken when a packet matches a rule.
ADP profiles consist of traffic anomaly profiles and protocol anomaly profiles. To
create a new profile, select a base profile (see
click OK to go to the profile details screen. Type a new profile name, enable or
disable individual rules and then edit the default log options and actions.
32.3.4 Traffic Anomaly Profiles
The traffic anomaly screen is the second screen in an ADP profile. Traffic anomaly
detection looks for abnormal behavior such as scan or flooding attempts. In the
Anti-X > ADP > Profile screen, click the Edit icon or click the Add icon and
choose a base profile. If you made changes to other screens belonging to this
ZyWALL USG 2000 User's Guide
DESCRIPTION
This is the name of the profile you created.
This is the base profile from which the profile was created.
Click the Add icon in the column header to create a new profile. A pop-up
screen displays requiring you to choose a base profile from which to create
the new profile.
Click an Edit icon to edit an existing profile.
Click a Remove icon to delete an existing profile.
Chapter 32 ADP
Table 157 on page
526) and then
527
Advertisement
Table of Contents
Troubleshooting
