ZyXEL ZYWALL USG 100 User Guide - Page 51
ADP Profile Configuration, 3.7.1 Procedure To Create a New ADP Profile
View all ZyXEL ZYWALL USG 100 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 51 highlights
Chapter 3 Protecting Your Network 3 Edit the default log options and actions. 3.7 ADP Profile Configuration ADP (Anomaly Detection and Prevention) protects against anomalies based on violations of protocol standards (RFCs - Requests for Comments) and abnormal traffic flows such as port scans. You may want to create a new profile if not all traffic or protocol rules in a base profile are applicable to your network. In this case you should disable non-applicable rules so as to improve ZyWALL ADP processing efficiency. You may also find that certain rules are triggering too many false positives or false negatives. A false positive is when valid traffic is flagged as an attack. A false negative is when invalid traffic is wrongly allowed to pass through the ZyWALL. As each network is different, false positives and false negatives are common on initial ADP deployment. You could create a new 'monitor profile' that creates logs but all actions are disabled. Observe the logs over time and try to eliminate the causes of the false alarms. When you're satisfied that they have been reduced to an acceptable level, you could then create an 'inline profile' whereby you configure appropriate actions to be taken when a packet matches a detection. 3.7.1 Procedure To Create a New ADP Profile To create a new profile: ZyWALL USG100-PLUS User's Guide 51