Chapter 30 ADP
Table 142
LABEL | DESCRIPTION |
Base Profile | This is the base profile from which the profile was created. |
(Icons) | Click the Add icon in the column header to create a new profile. A displays requiring you to choose a base profile from which to create the new profile. Click an Edit icon to edit an existing profile. Click a Remove icon to delete an existing profile. |
30.7 Creating New Profiles
You may want to create a new profile if not all rules in a base profile are applicable to your network. In this case you should disable
You may also find that certain rules are triggering too many false positives or false negatives. A false positive is when valid traffic is flagged as an attack. A false negative is when invalid traffic is wrongly allowed to pass through the ZyWALL. As each network is different, false positives and false negatives are common on initial ADP deployment.
You could create a new ‘monitor profile’ that generates logs but has all actions disabled. Observe the logs over time and try to eliminate the causes of the false alarms. When you’re satisfied that they have been reduced to an acceptable level, you could then create an ‘inline profile’ in which you configure appropriate actions to be taken when a packet matches a rule.
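One way to review monitor-profile logs before moving rules to an inline profile, as an added example that is not part of the guide. The record layout, rule names, addresses and the list of known-good hosts are constructed assumptions, not the ZyWALL log format; hits from known-good hosts are used here as a stand-in for false positives.

```python
from collections import Counter

# Constructed sample of monitor-profile log records: (rule, source IP, destination IP).
# Rule names and field layout are assumptions, not the ZyWALL log format.
SAMPLE_LOG = [
    ("TCP Portscan", "192.168.1.50", "192.168.1.10"),
    ("TCP Portscan", "192.168.1.50", "192.168.1.11"),
    ("TCP Portscan", "192.168.1.50", "192.168.1.12"),
    ("TCP Portscan", "192.168.1.50", "192.168.1.13"),
    ("TCP Portscan", "203.0.113.7", "192.168.1.10"),
    ("ICMP Flood", "198.51.100.9", "192.168.1.10"),
    ("ICMP Flood", "198.51.100.9", "192.168.1.10"),
    ("ICMP Flood", "198.51.100.9", "192.168.1.10"),
    ("ICMP Flood", "203.0.113.7", "192.168.1.10"),
    ("UDP Portscan", "192.168.1.51", "192.168.1.20"),
]

# Hosts known to generate legitimate scan-like traffic (assumed: an internal
# vulnerability scanner and a monitoring server).
KNOWN_GOOD = {"192.168.1.50", "192.168.1.51"}


def triage(records, known_good, fp_threshold=0.5, min_hits=3):
    """Per rule: total hits, share from known-good sources, and a suggestion."""
    hits, benign = Counter(), Counter()
    for rule, src, _dst in records:
        hits[rule] += 1
        if src in known_good:
            benign[rule] += 1
    report = {}
    for rule, total in hits.items():
        fp_ratio = benign[rule] / total
        if total < min_hits:
            suggestion = "keep monitoring"            # too few events to judge
        elif fp_ratio >= fp_threshold:
            suggestion = "tune before inline"         # mostly legitimate traffic
        else:
            suggestion = "candidate for inline action"
        report[rule] = {"hits": total, "fp_ratio": round(fp_ratio, 2),
                        "suggestion": suggestion}
    return report


if __name__ == "__main__":
    for rule, row in sorted(triage(SAMPLE_LOG, KNOWN_GOOD).items()):
        print(f"{rule:14} hits={row['hits']} fp_ratio={row['fp_ratio']} -> {row['suggestion']}")
```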
30.7.1 Procedure To Create a New Profile
To create a new profile:
1 Click the Add icon in the
2 Select a base profile (see Table 141 on page 449) and then click OK to go to the profile details screen.
3 Type a new profile name
4 Enable or disable individual rules
5 Edit the default log options and actions.
30.8 Profiles: Traffic Anomaly
The traffic anomaly screen is the second screen in an ADP profile. Traffic anomaly detection looks for abnormal behavior such as scan or flooding attempts. In the
ZyWALL USG 1000 User’s Guide |