ZyWALL 5/35/70 Series User’s Guide
Figure 114 Signature Actions
The following table describes signature actions.
Table 79 Signature Actions
ACTION | DESCRIPTION |
|
|
No Action | The intrusion is detected but no action is taken. |
|
|
Drop Packet | The packet is silently discarded. |
|
|
Drop Session | When the firewall is enabled, subsequent TCP/IP packets belonging to the |
| same connection are dropped. Neither sender nor receiver are sent TCP RST |
| packets. If the firewall is not enabled only the packet that matched the signature |
| is dropped. |
Reset Sender | When the firewall is enabled, the TCP/IP connection is silently torn down. Just |
| the sender is sent TCP RST packets. If the firewall is not enabled only the |
| packet that matched the signature is dropped. |
Reset Receiver | When the firewall is enabled, the TCP/IP connection is silently torn down. Just |
| the receiver is sent TCP RST packets. If the firewall is not enabled only the |
| packet that matched the signature is dropped. |
Reset Both | When the firewall is enabled, the TCP/IP connection is silently torn down. Both |
| sender and receiver are sent TCP RST packets. If the firewall is not enabled |
| only the packet that matched the signature is dropped. |
Click IDP in the navigation panel and then click the Signatures tab to see the ZyWALL’s “group view” signature screen where you can view signatures by attack type. To search for signatures based on other criteria such as signature name or ID, then click the Switch to query view link to go to the “query view” screen.
You can take actions on these signatures as described in Section 13.3.3 on page 244. To revert to the default actions or to save sets of actions, go to the Backup & Restore screen.
245 | Chapter 13 Configuring IDP |