Protocol Anomaly Profiles; Table 175 Adp > Profile > Traffic Anomaly - ZyXEL Communications ZyWALL USG 100 Series User Manual

Unified security gateway

Chapter 31 ADP
The following table describes the fields in this screen.

Table 175 ADP > Profile > Traffic Anomaly

| LABEL | DESCRIPTION |
| --- | --- |
| Name | This is the name of the ADP profile. You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number. This value is case-sensitive. These are valid, unique profile names: MyProfile, mYProfile, Mymy12_3-4. These are invalid profile names: 1mYProfile, My Profile, MyProfile?, Whatalongprofilename123456789012. |
| Scan/Flood Detection | |
| Sensitivity | (Scan detection only.) Select a sensitivity level so as to reduce false positives in your network. If you choose low sensitivity, then scan thresholds and sample times are set low, so you will have fewer logs and false positives; however some traffic anomaly attacks may not be detected. If you choose high sensitivity, then scan thresholds and sample times are set high, so most traffic anomaly attacks will be detected; however you will have more logs and false positives. |
| Block Period | Specify for how many seconds the ZyWALL blocks all packets from being sent to the victim (destination) of a detected anomaly attack. |
| Name | This is the name of the traffic anomaly rule. Click the Name column heading to sort in ascending or descending order according to the rule name. |
| Activation | Click the icon to enable or disable a rule or group of rules. |
| Log | Select whether to have the ZyWALL generate a log (log), log and alert (log alert) or neither (no) when traffic matches this anomaly rule. See Chapter 46 on page 725 for more on logs. |
| Action | Select what the ZyWALL should do when a packet matches a rule. none: The ZyWALL takes no action when a packet matches the signature(s). block: The ZyWALL silently drops packets that match the rule. Neither sender nor receiver is notified. |
| Threshold | For flood detection you can set the number of detected flood packets per second that causes the ZyWALL to take the configured action. |
| OK | Click OK to save your settings to the ZyWALL, complete the profile and return to the profile summary page. |
| Cancel | Click Cancel to return to the profile summary page without saving any changes. |
| Save | Click Save to save the configuration to the ZyWALL but remain in the same page. You may then go to another profile screen (tab) in order to complete the profile. Click OK in the final profile screen to complete the profile. |

31.3.5 Protocol Anomaly Profiles

Protocol anomaly is the third screen in an ADP profile. Protocol anomaly (PA) rules check for protocol compliance against the relevant RFC (Request for Comments).
Protocol anomaly detection includes HTTP Inspection, TCP Decoder, UDP Decoder and ICMP Decoder, where each category reflects the packet type inspected.
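
How the flood-detection fields in Table 175 (Threshold, Action, Log and Block Period) interact can be modelled as below. This is an added illustration, not ZyXEL code or part of the manual; the function name simulate_flood_rule, the one-second counting window, the treatment of the packet that trips the rule, and the sample addresses are assumptions.

```python
from collections import defaultdict

# Constructed sample traffic: (arrival time in seconds, destination IP).
SAMPLE = [(0.0, "192.0.2.10"), (0.1, "192.0.2.10"), (0.2, "192.0.2.10"),
          (0.25, "192.0.2.20"), (0.3, "192.0.2.10"), (0.4, "192.0.2.10"),
          (2.0, "192.0.2.10"), (5.5, "192.0.2.10")]

def simulate_flood_rule(packets, threshold, block_period, action="block", log="log"):
    """Model one flood rule. Returns (verdicts, log_entries).

    Assumptions (not from the manual): packets are counted per destination
    in whole-second buckets, the rule fires when the count reaches the
    threshold, and the packet that trips the rule is itself dropped.
    """
    counts = defaultdict(int)   # (destination, second) -> packets seen
    blocked_until = {}          # destination -> time the block expires
    verdicts, log_entries = [], []
    for ts, dst in sorted(packets):
        # Block Period: every packet to the victim is dropped, whatever its source.
        if blocked_until.get(dst, 0.0) > ts:
            verdicts.append("drop")
            continue
        bucket = (dst, int(ts))
        counts[bucket] += 1
        if counts[bucket] != threshold:
            verdicts.append("forward")
            continue
        # Threshold reached: apply the Log and Action settings once.
        if log != "no":
            log_entries.append((ts, dst, log))
        if action == "block":
            blocked_until[dst] = ts + block_period
            verdicts.append("drop")
        else:                   # action "none": detect only
            verdicts.append("forward")
    return verdicts, log_entries

if __name__ == "__main__":
    for action in ("block", "none"):
        verdicts, entries = simulate_flood_rule(SAMPLE, 3, 5, action, "log alert")
        print(action, verdicts, entries)
```

In the block run, the packet arriving at 2.0 seconds is dropped even though the flood has stopped, which is the availability cost to weigh when choosing a long Block Period for a destination that also serves legitimate clients.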
ZyWALL USG 100/200 Series User's Guide

This manual is also suitable for:

Zywall usg 200 series
