IDP Support Notes

9600bps baud rate

N81 data format (No Parity, 8 data bits, 1 stop bit)

The baud rate of IDP10 is unchangeable.

How to troubleshoot false positive and false negative cases?

Please capture the problematic packets using the following steps and send the packet trace back to ZyXEL support. The capturing can be done as follows:

Prepare a PC with packet capturing software. (Go to http://www.ethereal.com for a free download.)

Calibrate time on PC and IDP.

Put the PC on IDP-10's interface where the problematic packets arrive.

Observe the log on the IDP where the false positive/negative entries occur and save the packets captured by Ethereal at that timestamp.
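An added example (not from ZyXEL's notes) of the last step: a Python function that trims a capture saved in classic libpcap format to the packets within a few seconds of the IDP log timestamp. The function names, the pc_minus_idp clock-offset parameter and the sample capture are assumptions constructed for illustration.

```python
import struct
import sys

# Classic libpcap magic (microsecond timestamps), keyed by on-disk byte order.
MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}

def slice_pcap(data, log_epoch, window=5.0, pc_minus_idp=0.0):
    """Keep only packets within +/- window seconds of an IDP log entry.

    log_epoch    -- log timestamp (Unix seconds) as read from the IDP
    pc_minus_idp -- residual clock offset left after calibrating the PC
                    and the IDP (assumed parameter; 0 if they agree)
    Returns (pcap_bytes, packets_kept).
    """
    endian = MAGIC.get(data[:4])
    if endian is None or len(data) < 24:
        raise ValueError("not a classic libpcap capture")
    target = log_epoch + pc_minus_idp      # log time on the PC's clock
    out, kept, pos = bytearray(data[:24]), 0, 24
    while pos + 16 <= len(data):
        sec, usec, incl_len, _orig = struct.unpack(endian + "IIII", data[pos:pos + 16])
        end = pos + 16 + incl_len
        if end > len(data):                # truncated final record: stop
            break
        if abs(sec + usec / 1e6 - target) <= window:
            out += data[pos:end]           # record header + frame bytes
            kept += 1
        pos = end
    return bytes(out), kept

def sample_capture():
    """Constructed capture: three 4-byte dummy frames at t=1000, 1003.5, 1060."""
    cap = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sec, usec in [(1000, 0), (1003, 500000), (1060, 0)]:
        cap += struct.pack("<IIII", sec, usec, 4, 4) + b"\x00" * 4
    return cap

if __name__ == "__main__":
    if len(sys.argv) == 4:   # usage: script.py in.pcap out.pcap LOG_EPOCH
        with open(sys.argv[1], "rb") as f:
            trimmed, n = slice_pcap(f.read(), float(sys.argv[3]))
        with open(sys.argv[2], "wb") as f:
            f.write(trimmed)
    else:
        trimmed, n = slice_pcap(sample_capture(), 1002)
    print(f"kept {n} packet(s), {len(trimmed)} bytes")
```

A small window keeps the trace sent to support short; widen it if the PC and IDP clocks could not be brought into close agreement.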

What's the difference between Inline, Monitor and Bypass mode?

Inline: Put ZyWALL IDP in action! It detects any suspicious or malicious packets running through it and, depending on the action policy, logs, drops, or blocks the packets.

Monitor: ZyWALL IDP monitors all the traffic going through it, but does not block any packets. Think of it as a surveillance camera. It's recommended to have your ZyWALL IDP in monitor mode when you first install it in your network. You could then identify and correct any "false positive" or "false negative" detections.

Bypass: ZyWALL IDP will not detect or block any traffic at all.

All contents copyright (c) 2004 ZyXEL Communications Corporation.