ZyXEL Communications ZYWALL IDP 10 Support Notes

Intrusion detection prevention appliance
ZyWALL IDP 10
Intrusion Detection Prevention Appliance
Support Notes
Version 1.0
Aug 2004

Summary of Contents for ZyXEL Communications ZYWALL IDP 10

  • Page 2: Table Of Contents

    Why do I need ZyWALL IDP, if I already have ZyWALL 5/35/70? ... 24
    Will I lose network access if my ZyWALL IDP 10 lost power or crash? ... 24
    If I forget IDP’s password, how to reset the password to default? ... 25
    How to access IDP through console? ... 25
  • Page 3 (Table of Contents, continued)
    What’s the priority among Pre-defined policy and User-defined policy? ... 36
    Trouble Shooting ... 36
    Unable to Run Applications ... 36
    CLI Command List ... 39
    System related Command ... 39
    Debug mode CLI Command ... 42
    All contents copyright (c) 2004 ZyXEL Communications Corporation.
  • Page 4: Application Notes

    Assign an IP address to the “Management” port so that the ZyWALL IDP10 can be managed from your existing network. The following diagram and table illustrate the network topology and IP address assignment of the example network.
    IP address assignment (from the table): network segments 211.1.1.0/28, 192.168.2.0/24 and 192.168.1.0/24.
  • Page 5 WLAN. We therefore suggest placing an IDP device between the WLAN and the internal network. Policy protection is applied on the LAN port of IDP (F).
    Address assignment (from the table): 192.168.2.5-10; LAN1: 192.168.1.5-50; LAN2: 192.168.1.51-100.
  • Page 6 Change ZyWALL IDP 10 default gateway: OK.
    $>set system dns 168.95.1.1
    Change ZyWALL IDP 10 default DNS server: OK.
    4. Repeat step 3 to configure IDP (B, C, D, E, F) according to the IP address assignment table.
    Through WEB GUI or Telnet
  • Page 7 2. Go to Start->Settings->Network and Dial-up Connections and select the Ethernet connection you use to connect to the IDP device. 3. In its properties, change the PC’s IP address to 192.168.1.5 with subnet mask 255.255.255.0. 4. Log into the IDP’s WEB GUI via a browser.
  • Page 8 5. Go to SYSTEM->General->Device and enter IDP (A)’s IP address, subnet mask, default gateway and DNS server IP address. 6. Repeat steps 1-5 to configure IDP (B, C, D, E, F) according to the IP address assignment table.
  • Page 9 Log into IDP (B, C, D)’s WEB GUI and go to SYSTEM->INTERFACE->Policy Check, then enable policy checking on the WAN and LAN ports of IDP (A). Log into IDP (F)’s WEB GUI, go to SYSTEM->INTERFACE->Policy Check and enable policy checking on the LAN port of IDP (F).
  • Page 10: Register Zywall Idp

    Having an up-to-date policy set is essential, as new attack types keep evolving. 1. A “Device License Key” card for a one-year free subscription is included in the ZyWALL IDP package.
  • Page 11 2. Go to the ZyXEL Communications online services center, http://www.myZyXEL.com. 3. If you do not have a myZyXEL.com account yet, create one by following the instructions on myZyXEL.com; the detailed procedure is not described in this article.
  • Page 12 6. In this step, enter the Serial Number, Authentication Code (MAC address) and a Friendly Name for your product. The serial number and MAC address are printed on the bottom of the device.
  • Page 13 7. Enter the purchase date and the purpose of the purchase. 8. A success message is shown; press the Continue button.
  • Page 14 9. In ZyWALL IDP’s Applicable Service List, the service "IDP Signature Update" is now available. Click Activate. 10. Enter the license key from the “Device License Key” card and press the Submit button.
  • Page 15 11. After clicking Submit, you receive an “Activation Key” and a “Service Set Key”. An email containing these keys is sent to your email address as well. 12. Copy and paste the “Activation Key” into ZyWALL IDP’s Registration page.
  • Page 16: Firmware Upgrade

    Click Browse to select the firmware file (.bin) and click the Upload button to start the firmware upload. 2. The firmware upload may take a few minutes to finish. ZyWALL IDP reboots when the upload has completed.
  • Page 17: Signature Update

    Go to IDP > Update and enter the Update Server’s domain name (updateidp.zyxel.com). 1. Click Update Now to force ZyWALL IDP to perform a signature update immediately. 2. Enable “Auto Download & Update” to perform updates during non-peak hours.
  • Page 18: Configure User Defined Policy

    1. Install Ethereal on a PC. Ethereal is a freeware packet capturing tool; a free download is available from http://www.ethereal.com. 2. Insert a hub in the path of the traffic you want to capture. 3. Attach the PC with Ethereal installed to the hub as shown below.
  • Page 19 ASCII format of the packet. From the capture we can see that the eMule client sends “eDonkey TCP: Hello” after the TCP three-way handshake, and that each time the keyword “http://emule-project.net” appears in the TCP payload.
  • Page 20 IP and TCP (UDP/ICMP) headers are not included. For the IP protocol, the offset starts at the end of the IP header (the IP header itself is not included). Press the Apply button to save the policy.
  • Page 21 After clicking the Apply button, we get the summary of the user defined policy.
  • Page 23: Idp Faq

    A false positive is when an IDS/IDP system incorrectly reports that it has found an attack and wrongly drops a legitimate packet. Conversely, if an attack gets through the IDS/IDP system without being detected, we call it a false negative.
  • Page 24: Is Idp Able To Investigate Vpn Traffic

    • Catches attacks that firewalls legitimately allow through (such as attacks against web servers).
    • Catches attempts that fail.
    • Catches insider hacking.
  • Page 25: If I Forget Idp's Password, How To Reset The Password To Default

    Will I lose network access if my ZyWALL IDP 10 lost power or crashed? ZyWALL IDP 10 does not support hardware bypass, so if your ZyWALL IDP 10 loses power or crashes, you will need to either replace it or take it off the network immediately. If I forget IDP’s password, how do I reset the password to default? The default IDP user name/password is “admin/1234”.
  • Page 26: How To Trouble Shoot The False Positive And False Negative Cases

    Put ZyWALL IDP in monitor mode when you first install it in your network. You can then identify and correct any "false positive" or "false negative" detections. Bypass: ZyWALL IDP will neither detect nor block any traffic at all.
  • Page 27: When Should I Use Vlan Tag Function

    If the computer you use to manage ZyWALL IDP is in a LAN with VLAN ID 3, you must configure your ZyWALL IDP with VLAN ID 3. How to restart the device from the WEB GUI or Console? WEB GUI: log in to your ZyWALL IDP using an internet browser
  • Page 28 and click the Restart button to restart your ZyWALL IDP. It may take a few minutes before you can access the device again. Console: log in using admin/1234 and type the command “reboot” to restart your device.
  • Page 29: What Does "Stealth" Mean, Why Should I Need It

    I cannot remotely manage my ZyWALL IDP 10 from home, why? By default, ZyWALL IDP 10’s WAN port is in Stealth mode to prevent hackers from entering ZyWALL IDP 10. It is recommended to always use the MGMT port to configure ZyWALL IDP 10.
  • Page 30: What's Pre-Defined Signature

    The login user name/password is the same user name/password used to log in to http://www.myzyxel.com, where users register ZyWALL IDP10. How do I make sure my ZyWALL IDP10 already has the latest policy? You can check the latest policy version on mySecurityZone (https://mysecurity.zyxel.com).
  • Page 31: I Can't Download The Latest Policy From Update Server. How Can I Fix The Problem

    You should make sure your ZyWALL IDP 10 has updated its policy to the latest version. Go to WEB Interface Home. I can’t download the latest policy from the update server. How can I fix the problem? We recommend updating policies and sending E-mail reports or syslogs through ZyWALL IDP10’s MGMT port (management port).
  • Page 32: How Many User-Defined Policies Can I Have On Zywall Idp 10

    ZyWALL IDP10 (SYSTEM/GENERAL/Device/DNS Server). How many User-defined policies can I have on ZyWALL IDP 10? You can create up to 128 User-defined policies on a ZyWALL IDP 10. How many policies does ZyWALL IDP 10 support in total? ZyWALL IDP 10 can hold up to 3000 policies, Pre-defined + User-defined.
  • Page 33: What's "Drop" And "Block Connection" For Action Of User Defined Policy

    A policy is bound to the WAN or LAN interface when it is created. If the policy is created to check the Incoming direction, it is applied on the WAN interface. If the policy is
  • Page 34: How To Decide Which Interface Should Be Applied For Policy Check

    If your IDP is used to protect a trusted network from being attacked by Internet attackers, you can disable policy check on the LAN interface and enable policy check on the WAN interface. Thus Internet access traffic from the trusted domain won’t be checked.
  • Page 35: In User-Defined Policy, What's The Meaning Of Matching Offset, Matching Depth

    1 as long as it’s within the defined depth), and string overlaps are also allowed. All of the multiple contents must be found in one packet for a match.
  • Page 36: What's The Priority Among Pre-Defined Policy And User-Defined Policy

    Otherwise, go to the next step. Step 3. Go to the WEB interface of ZyWALL IDP10 and identify the false positive policy in Logs. Then record this Policy ID number.
  • Page 37 Step 4. Search for this policy by Policy ID in IDP>>Pre-defined>>Policy Search. Step 5. In the search result, change the Action taken to Log ONLY and click Apply.
  • Page 38 Finally, the application should be able to run now. If possible, please provide us with the application’s name and version, the policy ID, and system information including the IDP 10’s firmware version and policy version; this will be of great help in tracing the root cause.
  • Page 39: Cli Command List

    Command column (partial, in extraction order): <value> system tomeout backup restore vlan ip <ip address> mask gateway detect link <UnTAg|Tag> vpnbypass <ON/OFF> portscan <ON/OFF> fragment <ON/OFF>
    Description column (partial): Setup maximum log number the device generated...
  • Page 40 Command column (partial): <ON/OFF> trap ip <value> <CAN+MGMT/WAN+MGMT/MGMT/ALL> wan <ON/OFF>...
    Description column (partial): Enable/disable TCP state check; Setup TCP idle timeout; Setup maximum ping length; Setup maximum ping packet number per second; Setup maximum ping packet accepted at wan port; Setup maximum ping packet accepted at lan port
  • Page 41 Command column (partial): acl <ip address> <CAN+MGMT/WAN+MGMT/MGMT/ALL> acl <ip address>
    Description column (partial): Disable remote SSH access; Setup access control list ip address; Enable remote web access from...
  • Page 42: Debug Mode Cli Command

    Command column (partial, in extraction order): Tftp <server ip> reboot reset resetAll ping netstat <file name>
    Description column (partial): Setup device temporary ip address in the debug mode; Setup device temporary ip mask in the debug...
