Chapter 30 ADP
Figure 339
The following table describes the screens in this screen.
Table 140
LABEL | DESCRIPTION |
Enable | Select this check box to turn on this anomaly profile to traffic direction binding. |
|
|
From | Traffic direction is defined by the zone the traffic is coming from and the zone |
| the traffic is going to. |
| Use the From field to specify the zone from which the traffic is coming. |
| Select ZyWALL to specify traffic coming from the ZyWALL itself. |
|
|
To | Use the To field to specify the zone to which the traffic is going. |
| Select ZyWALL to specify traffic destined for the ZyWALL itself. |
|
|
ADP Profile | An ADP profile is a set of ADP rules with configured activation, log and action |
| settings. Select an ADP profile to bind to the entry’s traffic direction. Configure |
| the ADP profiles in the ADP profile screens. |
|
|
OK | Click OK to save your changes. |
|
|
Cancel | Click Cancel to exit this screen without saving your changes. |
|
|
30.5 Introducing ADP Profiles
An ADP profile is a set of traffic anomaly rules and protocol anomaly rules.
•Traffic anomaly rules look for abnormal behavior or events such as port scanning, sweeping or network flooding. It operates at OSI
•Protocol anomaly rules check for protocol compliance against the relevant RFC (Request For Comments). Protocol anomaly detection includes HTTP Inspection, TCP Decoder, UDP Decoder and ICMP Decoder. Protocol anomaly rules may be updated when you upload new firmware.
Anomaly detection is in general effective against abnormal behavior while packet inspection signatures are created for known attacks (see Chapter 29 on page 417 for information on packet inspection).
30.5.1 Base Profiles
The ZyWALL comes with several base profiles. You use base profiles to create new profiles.
448 |
| |
ZyWALL USG 1000 User’s Guide |
| |
|
|
|