ZyWALL 5/35/70 Series User’s Guide

Figure 114 Signature Actions

The following table describes signature actions.

Table 79 Signature Actions

ACTION

DESCRIPTION

 

 

No Action

The intrusion is detected but no action is taken.

 

 

Drop Packet

The packet is silently discarded.

 

 

Drop Session

When the firewall is enabled, subsequent TCP/IP packets belonging to the

 

same connection are dropped. Neither sender nor receiver are sent TCP RST

 

packets. If the firewall is not enabled only the packet that matched the signature

 

is dropped.

Reset Sender

When the firewall is enabled, the TCP/IP connection is silently torn down. Just

 

the sender is sent TCP RST packets. If the firewall is not enabled only the

 

packet that matched the signature is dropped.

Reset Receiver

When the firewall is enabled, the TCP/IP connection is silently torn down. Just

 

the receiver is sent TCP RST packets. If the firewall is not enabled only the

 

packet that matched the signature is dropped.

Reset Both

When the firewall is enabled, the TCP/IP connection is silently torn down. Both

 

sender and receiver are sent TCP RST packets. If the firewall is not enabled

 

only the packet that matched the signature is dropped.

13.3.4 Configuring IDP Signatures

Click IDP in the navigation panel and then click the Signatures tab to see the ZyWALL’s “group view” signature screen where you can view signatures by attack type. To search for signatures based on other criteria such as signature name or ID, then click the Switch to query view link to go to the “query view” screen.

You can take actions on these signatures as described in Section 13.3.3 on page 244. To revert to the default actions or to save sets of actions, go to the Backup & Restore screen.

245

Chapter 13 Configuring IDP