ZyXEL Communications USG40 User Manual page 331

The following table describes the labels in this screen.
Table 135 Configuration > Security Policy > ADP > Profile > Add-Traffic-Anomaly
LABELS
Name
Description
Scan/Flood Detection
Sensitivity
Edit (Flood Detection
only)
Activate
Inactivate
Log
Action
#
Status
Name
Log
Action
Chapter 18 Security Policy
DESCRIPTION
A name is automatically generated that you can edit. The name must be the
same in the Traffic Anomaly and Protocol Anomaly screens for the same ADP
profile. You may use 1-31 alphanumeric characters, underscores(
(-), but the first character cannot be a number. This value is case-sensitive.
These are valid, unique profile names:
• MyProfile
• mYProfile
• Mymy12_3-4
• These are invalid profile names:
• 1mYProfile
• My Profile
• MyProfile?
• Whatalongprofilename123456789012
In addition to the name, type additional information to help you identify this ADP
profile.
Scan detection, such as port scanning, tries to find attacks where an attacker
scans device(s) to determine what types of network protocols or services a
device supports.
Flood detection tries to find attacks that saturate a network with useless data,
use up all available bandwidth, and so aim to make communications in the
network impossible.
(Scan detection only.) Select a sensitivity level so as to reduce false positives in
your network. If you choose low sensitivity, then scan thresholds and sample
times are set low, so you will have fewer logs and false positives; however some
traffic anomaly attacks may not be detected.
If you choose high sensitivity, then scan thresholds and sample times are set
high, so most traffic anomaly attacks will be detected; however you will have
more logs and false positives.
Select an entry and click this to be able to modify it.
To turn on an entry, select it and click Activate.
To turn off an entry, select it and click Inactivate.
To edit an item's log option, select it and use the Log icon. Select whether to
have the ZyWALL/USG generate a log (log), log and alert (log alert) or neither
(no) when traffic matches this anomaly policy.
To edit what action the ZyWALL/USG takes when a packet matches a policy,
select the policy and use the Action icon.
none: The ZyWALL/USG takes no action when a packet matches the policy.
block: The ZyWALL/USG silently drops packets that matches the policy. Neither
sender nor receiver are notified.
This is the entry's index number in the list.
The activate (light bulb) icon is lit when the entry is active and dimmed when the
entry is inactive.
This is the name of the anomaly policy. Click the Name column heading to sort
in ascending or descending order according to the protocol anomaly policy
name.
These are the log options. To edit this, select an item and use the Log icon.
This is the action the ZyWALL/USG should take when a packet matches a policy.
To edit this, select an item and use the Action icon.
ZyWALL/USG Series User's Guide
331
), or dashes
_