Chapter 30 IDP

Note: The ZyWALL checks all signatures and continues searching even after a match is found. If two or more rules have conflicting actions for the same packet, then the ZyWALL applies the more restrictive action (reject-both,reject-receiver or reject-sender, drop, none in this order). If a packet matches a rule for reject- receiver and it also matches a rule for reject-sender, then the ZyWALL will reject-both.

Figure 297 Configuration > Anti-X > IDP > Custom Signatures

The following table describes the fields in this screen.

Table 150 Configuration > Anti-X > IDP > Custom Signatures

LABEL

DESCRIPTION

Custom

Use this part of the screen to create, edit, delete or export (save to your

Signature

computer) custom signatures.

Rules

 

 

 

Add

Click this to create a new entry.

 

 

Edit

Select an entry and click this to be able to modify it.

 

 

Remove

Select an entry and click this to delete it.

 

 

Activate

To turn on an entry, select it and click Activate.

 

 

Export

To save an entry or entries as a file on your computer, select them and

 

click Export. Click Save in the file download dialog box and then select a

 

location and name for the file.

 

Custom signatures must end with the ‘rules’ file name extension, for

 

example, MySig.rules.

 

 

#

This is the entry’s index number in the list.

 

 

SID

SID is the signature ID that uniquely identifies a signature. Click the SID

 

header to sort signatures in ascending or descending order. It is

 

automatically created when you click the Add icon to create a new

 

signature. You can edit the ID, but it cannot already exist and it must be

 

in the 9000000 to 9999999 range.

 

 

Name

This is the name of your custom signature. Duplicate names can exist,

 

but it is advisable to use unique signature names that give some hint as

 

to intent of the signature and the type of attack it is supposed to prevent.

 

 

 

499

ZyWALL USG 50 User’s Guide