Traffic Anomaly Profiles - ZyXEL Communications ZyWALL 1100 User Manual

satisfied that they have been reduced to an acceptable level, you could then create an 'in-line
profile' whereby you configure appropriate actions to be taken when a packet matches a policy.
ADP profiles consist of traffic anomaly profiles and protocol anomaly profiles. To create a new
profile, select a base profile and then click OK to go to the profile details screen. Type a new profile
name, enable or disable individual policies and then edit the default log options and actions.
Click Configuration > Security Policy > ADP > Profile to view the following screen.
Figure 222 Configuration > Security Policy > ADP > Profile
The following table describes the labels in this screen.
Table 137 Configuration > Security Policy > ADP > Profile
LABEL
Profile Management
Add
Edit
Remove
#
Name
Description
Base Profile
Reference

19.3.3 Traffic Anomaly Profiles

Traffic anomaly detection looks for abnormal behavior such as scan or flooding attempts. In the
Configuration > Security Policy > ADP > Profile screen, click the Edit or Add icon and choose
a base profile. Traffic Anomaly is the first tab in the profile.
Chapter 19 Security Policy
DESCRIPTION
Create ADP profiles here and then apply them in the Configuration > Security
Policy > ADP > Profile screen.
Click Add and first choose a none or all Base Profile.
• none base profile sets all ADP entries to have Log set to no and Action set
to none by default.
• all base profile sets all ADP entries to have Log set to log and Action set to
block by default.
Select an entry and click this to be able to modify it.
Select an entry and click this to delete it.
This is the entry's index number in the list.
This is the name of the profile you created.
This is the description of the profile you created.
This is the name of the base profile used to create this profile.
This is the number of object references used to create this profile.
ZyWALL/USG Series User's Guide
334