Chapter 30 IDP

Table 144 Configuration > Anti-X > IDP > Profile (continued)

LABEL

DESCRIPTION

Name

This is the name of the profile you created.

 

 

Base Profile

This is the base profile from which the profile was created.

 

 

30.5 Creating New Profiles

You may want to create a new profile if not all signatures in a base profile are applicable to your network. In this case you should disable non-applicable signatures so as to improve ZyWALL IDP processing efficiency.

You may also find that certain signatures are triggering too many false positives or false negatives. A false positive is when valid traffic is flagged as an attack. A false negative is when invalid traffic is wrongly allowed to pass through the ZyWALL. As each network is different, false positives and false negatives are common on initial IDP deployment.

You could create a new ‘monitor profile’ that creates logs but all actions are disabled. Observe the logs over time and try to eliminate the causes of the false alarms. When you’re satisfied that they have been reduced to an acceptable level, you could then create an ‘inline profile’ whereby you configure appropriate actions to be taken when a packet matches a signature.

30.5.1 Procedure To Create a New Profile

To create a new profile:

1Click the Add icon in the Configuration > Anti-X > IDP > Profile screen to display a pop-up screen allowing you to choose a base profile.

2Select a base profile (see Table 143 on page 484) and then click OK to go to the profile details screen.

Note: If Internet Explorer opens a warning screen about a script making Internet Explorer run slowly and the computer maybe becoming unresponsive, just click No to continue.

3Type a new profile name

4Enable or disable individual signatures.

5Edit the default log options and actions.

486

 

ZyWALL USG 50 User’s Guide