Chapter 38 IDP
ZyWALL USG Series User’s Guide
38.2.5 Query Example
This example shows a search with these criteria:
• Severity: high
• Policy Type: DoS
• Platform: Windows
• Service: Any
• Actions: Any
Table 263 Configuration > UTM Profile > IDP > Profile: Query View (continued)
LABEL: DESCRIPTION
Severity: Search for signatures by severity level(s). Hold down the [Ctrl] key if you want to make multiple selections. These are the severities as defined in the Zyxel Device. The number in brackets is the number you use if using commands.
• Severe (5): These denote attacks that try to run arbitrary code or gain system privileges.
• High (4): These denote known serious vulnerabilities or attacks that are probably not false alarms.
• Medium (3): These denote medium threats, access control attacks or attacks that could be false alarms.
• Low (2): These denote mild threats or attacks that could be false alarms.
• Very-Low (1): These denote possible attacks caused by traffic such as Ping, trace route, ICMP queries etc.
Attack Type: Search for signatures by attack type(s) (see ). Attack types are known as policy types in the group view screen. Hold down the [Ctrl] key if you want to make multiple selections.
Platform: Search for signatures created to prevent intrusions targeting specific operating system(s). Hold down the [Ctrl] key if you want to make multiple selections.
Service: Search for signatures by IDP service group(s). See for group details. Hold down the [Ctrl] key if you want to make multiple selections.
Action: Search for signatures by the response the Zyxel Device takes when a packet matches a signature. See for action details. Hold down the [Ctrl] key if you want to make multiple selections.
Activation: Search for activated and/or inactivated signatures here.
Log: Search for signatures by log option here. See for option details.
Search: Click this button to begin the search. The results display at the bottom of the screen. Results may be spread over several pages depending on how broad the search criteria selected were. The tighter the criteria selected, the fewer the signatures returned.
Query Result: The results are displayed in a table showing the SID, Name, Severity, Attack Type, Platform, Service, Activation, Log, and Action criteria as selected in the search. Click the SID column header to sort search results by signature ID.
OK: Click OK to save your settings to the Zyxel Device, complete the profile and return to the profile summary page.
Cancel: Click Cancel to return to the profile summary page without saving any changes.
Save: Click Save to save the configuration to the Zyxel Device, but remain in the same page. You may then go to another profile screen (tab) in order to complete the profile. Click OK in the final profile screen to complete the profile.