The Session Control Screen - ZyXEL Communications ZyWALL 1100 User Manual
Zywall/usg series
Hide thumbs
Also See for ZyWALL 1100:
- User manual (994 pages) ,
- Handbook (749 pages) ,
- Reference manual (665 pages)
Table of Contents
Advertisement
Table 139 Configuration > Security Policy > ADP > Profile > Add-Protocol-Anomaly
LABEL
Inactivate
Log
Action
#
Status
Name
Log
Action
OK
Cancel
Save
19.4 The Session Control Screen
Click Configuration > Security Policy > Session Control to display the Security Policy
Session Control screen. Use this screen to limit the number of concurrent NAT/Security Policy
sessions a client can use. You can apply a default limit for all users and individual limits for specific
users, addresses, or both. The individual limit takes priority if you apply both.
Chapter 19 Security Policy
DESCRIPTION
To turn off an entry, select it and click Inactivate.
To edit an item's log option, select it and use the Log icon. Select whether to
have the ZyWALL/USG generate a log (log), log and alert (log alert) or neither
(no) when traffic matches this anomaly policy.
To edit what action the ZyWALL/USG takes when a packet matches a policy,
select the policy and use the Action icon.
original setting: Select this action to return each rule in a service group to its
previously saved configuration.
none: Select this action to have the ZyWALL/USG take no action when a packet
matches a policy.
drop: Select this action to have the ZyWALL/USG silently drop a packet that
matches a policy. Neither sender nor receiver are notified.
reject-sender: Select this action to have the ZyWALL/USG send a reset to the
sender when a packet matches the policy. If it is a TCP attack packet, the
ZyWALL/USG will send a packet with a 'RST' flag. If it is an ICMP or UDP attack
packet, the ZyWALL/USG will send an ICMP unreachable packet.
reject-receiver: Select this action to have the ZyWALL/USG send a reset to the
receiver when a packet matches the policy. If it is a TCP attack packet, the
ZyWALL/USG will send a packet with an a 'RST' flag. If it is an ICMP or UDP
attack packet, the ZyWALL/USG will do nothing.
reject-both: Select this action to have the ZyWALL/USG send a reset to both
the sender and receiver when a packet matches the policy. If it is a TCP attack
packet, the ZyWALL/USG will send a packet with a 'RST' flag to the receiver and
sender. If it is an ICMP or UDP attack packet, the ZyWALL/USG will send an ICMP
unreachable packet.
This is the entry's index number in the list.
The activate (light bulb) icon is lit when the entry is active and dimmed when the
entry is inactive.
This is the name of the anomaly policy. Click the Name column heading to sort
in ascending or descending order according to the protocol anomaly policy
name.
These are the log options. To edit this, select an item and use the Log icon.
This is the action the ZyWALL/USG should take when a packet matches a policy.
To edit this, select an item and use the Action icon.
Click OK to save your settings to the ZyWALL/USG, complete the profile and
return to the profile summary page.
Click Cancel to return to the profile summary page without saving any changes.
Click Save to save the configuration to the ZyWALL/USG but remain in the same
page. You may then go to the another profile screen (tab) in order to complete
the profile. Click OK in the final profile screen to complete the profile.
ZyWALL/USG Series User's Guide
339
- Quick Links:
- Web Configurator
- Web Configurator Access
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
