Chapter 38 IDP
ZyWALL USG Series User’s Guide
Action
To edit what action the Zyxel Device takes when a packet matches a signature, select the signature and use the Action icon.
none: Select this action on an individual signature or a complete service group to have the Zyxel Device take no action when a packet matches the signature(s).
drop: Select this action on an individual signature or a complete service group to have the Zyxel Device silently drop a packet that matches the signature(s). Neither sender nor receiver is notified.
reject-sender: Select this action on an individual signature or a complete service group to have the Zyxel Device send a reset to the sender when a packet matches the signature. If it is a TCP attack packet, the Zyxel Device will send a packet with a ‘RST’ flag. If it is an ICMP or UDP attack packet, the Zyxel Device will send an ICMP unreachable packet.
reject-receiver: Select this action on an individual signature or a complete service group to have the Zyxel Device send a reset to the receiver when a packet matches the signature. If it is a TCP attack packet, the Zyxel Device will send a packet with a ‘RST’ flag. If it is an ICMP or UDP attack packet, the Zyxel Device will do nothing.
reject-both: Select this action on an individual signature or a complete service group to have the Zyxel Device send a reset to both the sender and receiver when a packet matches the signature. If it is a TCP attack packet, the Zyxel Device will send a packet with a ‘RST’ flag to the receiver and sender. If it is an ICMP or UDP attack packet, the Zyxel Device will send an ICMP unreachable packet.
#
This is the entry’s index number in the list.
Status
The activate (light bulb) icon is lit when the entry is active and dimmed when the entry is inactive.
Message
This displays the message for the violation of the IDP profile rule.
SID
This displays the Signature ID number. The SID is a numerical field in the 9000000 to 9999999 range.
Severity
These are the severities as defined in the Zyxel Device. The number in brackets is the number you use if using commands.
Severe (5): These denote attacks that try to run arbitrary code or gain system privileges.
High (4): These denote known serious vulnerabilities or attacks that are probably not false alarms.
Medium (3): These denote medium threats, access control attacks or attacks that could be false alarms.
Low (2): These denote mild threats or attacks that could be false alarms.
Very Low (1): These denote possible attacks caused by traffic such as Ping, trace route, ICMP queries etc.
Policy Type
This displays the application of the IDP profile.
Log
These are the log options. To edit this, select an item and use the Log icon.
Action
This is the action the Zyxel Device should take when a packet matches a signature here. To edit this, select an item and use the Action icon.
Excepted Signatures
Use the icons to enable/disable and configure logs and actions for individual signatures that are different to the general settings configured for the severity level to which the signatures belong. Signatures configured in Query View will appear in Group View.
Add
Click this to configure settings for a signature that are different to those of the severity level to which it belongs.
Remove
Select an existing signature exception and then click this to delete the exception.
Activate
To turn on an entry, select it and click Activate.
Inactivate
To turn off an entry, select it and click Inactivate.
Table 260 Configuration > UTM Profile > IDP > Profile > Add > Group View (continued)
LABEL
DESCRIPTION