Chapter 30 ADP
The following table describes the fields in this screen.
Table 143 ADP > Profile > Traffic Anomaly
LABEL | DESCRIPTION |
Name | This is the name of the ADP profile. You may use |
| underscores(_), or dashes |
| value is |
| MyProfile |
| mYProfile |
| These are invalid profile names: |
| 1mYProfile |
| My Profile |
| MyProfile? |
| Whatalongprofilename123456789012 |
Scan/Flood Detection |
Sensitivity | (Scan detection only.) Select a sensitivity level so as to reduce false positives in your network. If you choose low sensitivity, then scan thresholds and sample times are set low, so you will have fewer logs and false positives; however some traffic anomaly attacks may not be detected. If you choose high sensitivity, then scan thresholds and sample times are set high, so most traffic anomaly attacks will be detected; however you will have more logs and false positives. |
Block Period | Specify for how many seconds the ZyWALL blocks all packets from being sent to the victim (destination) of a detected anomaly attack. |
Name | This is the name of the traffic anomaly rule. Click the Name column heading to sort in ascending or descending order according to the rule name. |
Activation | Click the icon to enable or disable a rule or group of rules. |
Log | Select whether to have the ZyWALL generate a log (log), log and alert (log alert) or neither (no) when traffic matches this anomaly rule. See Chapter 46 on page 625 for more on logs. |
Action | Select what the ZyWALL should do when a packet matches a rule. none: The ZyWALL takes no action when a packet matches the signature(s). block: The ZyWALL silently drops packets that match the rule. Neither sender nor receiver is notified. |
Threshold | For flood detection you can set the number of detected flood packets per second that causes the ZyWALL to take the configured action. |
OK | Click OK to save your settings to the ZyWALL, complete the profile and return to the profile summary page. |
Cancel | Click Cancel to return to the profile summary page without saving any changes. |
Save | Click Save to save the configuration to the ZyWALL but remain in the same page. You may then go to another profile screen (tab) in order to complete the profile. Click OK in the final profile screen to complete the profile. |
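How the Threshold, Action and Block Period fields in the table above interact, as an added example: this is a simplified model written for this page, not ZyWALL firmware code. The per-destination one-second counting window, the class and function names and the sample addresses are assumptions.

```python
# Simplified model of one flood-detection rule; NOT ZyWALL firmware code.
# Assumption: packets are counted per destination in one-second windows.

class FloodRule:
    def __init__(self, threshold, action="block", block_period=5):
        self.threshold = threshold        # Threshold: flood packets per second
        self.action = action              # Action: "none" or "block"
        self.block_period = block_period  # Block Period, in seconds
        self.window = {}                  # dst -> (second, packet count)
        self.blocked_until = {}           # dst -> time the block ends
        self.detections = []              # (time, dst): what a "log" setting would record

    def packet(self, t, dst):
        """Return "drop" or "pass" for a flood-type packet sent to dst at time t."""
        if t < self.blocked_until.get(dst, 0):
            return "drop"                 # still inside the block period
        second, count = self.window.get(dst, (int(t), 0))
        if second != int(t):              # a new one-second window starts
            second, count = int(t), 0
        count += 1
        self.window[dst] = (second, count)
        if count == self.threshold:       # rate reached: detect once per window
            self.detections.append((t, dst))
            if self.action == "block":
                self.blocked_until[dst] = t + self.block_period
                return "drop"
        return "pass"


def run(rule, packets):
    """Feed (time, destination) pairs through the rule and collect verdicts."""
    return [rule.packet(t, dst) for t, dst in packets]


# Constructed sample: 10 packets in one second to 192.0.2.5, one packet to
# another host, then three later packets to 192.0.2.5.
SAMPLE = [(i / 10, "192.0.2.5") for i in range(10)]
SAMPLE += [(0.95, "192.0.2.9"), (1.0, "192.0.2.5"), (2.5, "192.0.2.5"), (3.5, "192.0.2.5")]

if __name__ == "__main__":
    for action in ("none", "block"):
        rule = FloodRule(threshold=5, action=action, block_period=3)
        print(action, run(rule, SAMPLE), rule.detections)
```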
30.9 Profiles: Protocol Anomaly
Protocol anomaly is the third screen in an ADP profile. Protocol anomaly (PA) rules check for protocol compliance against the relevant RFC (Request for Comments).
ZyWALL USG 1000 User’s Guide