ADP; Overview; What You Can Do Using the ADP Screens; What You Need To Know About ADP - ZyXEL Communications ZyWALL USG 50-H Series User Manual

Unified security gateway

CHAPTER 27
ADP

27.1 Overview

This chapter introduces ADP (Anomaly Detection and Prevention), anomaly profiles and
applying an ADP profile to a traffic direction. ADP protects against anomalies based on
violations of protocol standards (RFCs – Requests for Comments) and abnormal flows such as
port scans.

27.1.1 What You Can Do Using the ADP Screens

• Use Anti-X > ADP > General (Section 27.2 on page 424) to turn anomaly detection on or
off and apply anomaly profiles to traffic directions.
• Use Anti-X > ADP > Profile (Section 27.3 on page 426) to add a new profile, edit an
existing profile or delete an existing profile.

27.1.2 What You Need To Know About ADP

Traffic Anomalies

Traffic anomaly rules look for abnormal behavior or events such as port scanning, sweeping or
network flooding. These rules operate at OSI layer-2 and layer-3. Traffic anomaly rules may be
updated when you upload new firmware.

Protocol Anomalies

Protocol anomalies are packets that do not comply with the relevant RFC (Request For
Comments). Protocol anomaly detection includes HTTP Inspection, TCP Decoder, UDP
Decoder and ICMP Decoder. Protocol anomaly rules may be updated when you upload new
firmware.

ADP Profile

An ADP profile is a set of traffic anomaly rules and protocol anomaly rules that you can
activate as a set and for which you can configure common log and action settings. You can
apply ADP profiles to traffic flowing from one zone to another.

Base ADP Profiles

Base ADP profiles are templates that you use to create new ADP profiles. The ZyWALL
comes with several base profiles. See Table 149 on page 427 for details on ADP base profiles.
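The traffic anomaly rules described above can be illustrated with a threshold-based detector that tells a port scan, a sweep and a flood apart in packet metadata. This is an added example, not ZyXEL's implementation or code from this manual; the thresholds, window length, function names and sample addresses are assumptions made for the illustration.

```python
from collections import defaultdict

# Hypothetical thresholds per time window (assumed values, not ZyWALL defaults).
WINDOW = 5.0        # seconds per tumbling window
SCAN_PORTS = 10     # distinct ports probed on one host by one source
SWEEP_HOSTS = 10    # distinct hosts probed on one port by one source
FLOOD_PKTS = 100    # packets reaching one host from all sources

def detect(packets):
    """packets: (timestamp, src, dst, dst_port) tuples.
    Returns a set of (kind, source, target) alerts."""
    ports = defaultdict(set)   # (window, src, dst)  -> ports seen
    hosts = defaultdict(set)   # (window, src, port) -> hosts seen
    count = defaultdict(int)   # (window, dst)       -> packet count
    for ts, src, dst, port in packets:
        w = int(ts // WINDOW)
        ports[(w, src, dst)].add(port)
        hosts[(w, src, port)].add(dst)
        count[(w, dst)] += 1
    alerts = set()
    for (_, src, dst), seen in ports.items():
        if len(seen) >= SCAN_PORTS:       # one source, one host, many ports
            alerts.add(("portscan", src, dst))
    for (_, src, port), seen in hosts.items():
        if len(seen) >= SWEEP_HOSTS:      # one source, one port, many hosts
            alerts.add(("sweep", src, f"port {port}"))
    for (_, dst), n in count.items():
        if n >= FLOOD_PKTS:               # many packets converging on one host
            alerts.add(("flood", "*", dst))
    return alerts

def sample_traffic():
    """Constructed packets using documentation address ranges."""
    pkts = [(i * 0.1, "192.0.2.10", "198.51.100.5", 20 + i) for i in range(15)]
    pkts += [(10 + i * 0.1, "192.0.2.20", f"198.51.100.{i + 1}", 23) for i in range(12)]
    pkts += [(20 + i * 0.01, f"203.0.113.{i}", "198.51.100.80", 80) for i in range(120)]
    # Ordinary client traffic: same host and port, repeated, raises no alert.
    pkts += [(i * 7.0, "192.0.2.30", "198.51.100.5", 443) for i in range(5)]
    # Detection caveat: one port every 6 s never fills a 5 s window, so this
    # source is not reported; the window and threshold set the sensitivity.
    pkts += [(100 + i * 6.0, "192.0.2.40", "198.51.100.5", 20 + i) for i in range(15)]
    return pkts

if __name__ == "__main__":
    for alert in sorted(detect(sample_traffic())):
        print(alert)
```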
