Home » ZyXEL Manuals » Networking » ZyXEL NXC5200 » Manual Viewer

ZyXEL NXC5200 User Guide - Page 337

Traffic Anomalies

Get ZyXEL NXC5200 PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 337 highlights

CHAPTER 22 ADP 22.1 Overview This chapter introduces ADP (Anomaly Detection and Prevention), anomaly profiles and applying an ADP profile to a traffic direction. ADP protects against anomalies based on violations of protocol standards (RFCs - Requests for Comments) and abnormal flows such as port scans. ADP and IDP Comparison: 1 ADP anomaly detection is in general effective against abnormal behavior while IDP packet inspection signatures are in general effective for known attacks (see Chapter 21 on page 303 for information on packet inspection). 2 ADP traffic and anomaly rules are updated when you upload new firmware. This is different from the IDP packet inspection signatures and the system protect signatures you download from myZyXEL.com. 22.1.1 What You Can Do in this Chapter • The General screen (Section 22.2 on page 339) turns anomaly detection on or off and applies anomaly profiles to traffic directions. • The Profile screen (Section 22.3 on page 340) adds new profiles, edits an existing profile or deletes an existing profile. 22.1.2 What You Need To Know The following terms and concepts may help as you read this chapter. Traffic Anomalies Traffic anomaly rules look for abnormal behavior or events such as port scanning, sweeping or network flooding. It operates at OSI layer-2 and layer-3. Traffic anomaly rules may be updated when you upload new firmware. NXC5200 User's Guide 337

Section	Page
NXC5200	1
About This User's Guide	3
Document Conventions	6
Safety Warnings	8
Table of Contents	9
User’s Guide	23
Introduction	25
1.1 Overview	25
1.2 Rack-mounted Installation	25
1.2.1 Rack-Mounted Installation Procedure	26
1.2.2 LAN Module Installation Procedure	27
1.3 Front and Back Panels	29
1.3.1 1000Base-T Ports	29
1.3.2 Optional Fiber Ports	30
1.3.3 Front Panel LEDs	31
1.4 Management Overview	31
1.5 Starting and Stopping the NXC	32
Features and Applications	35
2.1 Features	35
2.2 Applications	37
2.2.1 AP Management	37
2.2.2 Wireless Security	37
2.2.3 Captive Portal	38
2.2.4 Load Balancing	38
2.2.5 Dynamic Channel Selection	38
2.2.6 User-Aware Access Control	39
2.2.7 Device HA	39
The Web Configurator	41
3.1 Overview	41
3.2 Access	41
3.3 The Main Screen	43
3.3.1 Title Bar	44
3.3.2 Navigation Panel	44
3.3.3 Warning Messages	49
3.3.4 Site Map	50
3.3.5 Object Reference	50
3.3.6 Tables and Lists	55
Configuration Basics	59
4.1 Overview	59
4.2 Object-based Configuration	59
4.3 Zones, Interfaces, and Physical Ports	60
4.3.1 Interface Types	60
4.3.2 Example Interface and Zone Configuration	61
4.4 Feature Configuration Overview	62
4.4.1 Feature	62
4.4.2 Licensing Registration	62
4.4.3 Licensing Update	63
4.4.4 Wireless	63
4.4.5 Interface	63
4.4.6 Policy Routes	63
4.4.7 Static Routes	64
4.4.8 Zones	64
4.4.9 NAT	64
4.4.10 ALG	64
4.4.11 Captive Portal	65
4.4.12 Firewall	65
4.4.13 Application Patrol	65
4.4.14 Anti-Virus	65
4.4.15 IDP	66
4.4.16 ADP	66
4.4.17 Device HA	66
4.5 Objects	66
4.5.1 User/Group	67
4.5.2 AP Profile	67
4.5.3 MON Profile	68
4.6 System	68
4.6.1 DNS, WWW, SSH, TELNET, FTP, and SNMP	68
4.6.2 Logs and Reports	68
4.6.3 File Manager	69
4.6.4 Diagnostics	69
4.6.5 Shutdown	69
Tutorials	71
5.1 Overview	71
5.2 Sample Network Setup	72
5.2.1 Tutorial Tasks	73
5.2.2 Set the Management VLAN (vlan99)	74
5.2.3 Set the Other VLANs (vlan101, vlan102)	75
5.2.4 Configure the AAA Object	77
5.2.5 Configure the Auth. Method Objects (staff, guest)	79
5.2.6 Create the AP Profiles (staff, guest)	80
5.2.7 Create the Guest User Account	83
5.2.8 Configure the Captive Portal Settings	84
5.2.9 Configure the Guest Firewall Rules	85
5.3 Blocking Network Protocols	87
5.3.1 Configuring the WLAN Zone	87
5.3.2 Configuring the Firewall	88
5.3.3 Blocking Sub-Protocols	90
5.4 Rogue AP Detection	92
5.4.1 Rogue AP Containment	96
5.5 Load Balancing	97
5.6 Dynamic Channel Selection	98
Technical Reference	101
Dashboard	103
6.1 Overview	103
6.1.1 What You Can Do in this Chapter	103
6.2 Dashboard	104
6.2.1 CPU Usage	109
6.2.2 Memory Usage	110
6.2.3 Session Usage	111
6.2.4 DHCP Table	112
6.2.5 Number of Login Users	113
Monitor	115
7.1 Overview	115
7.1.1 What You Can Do in this Chapter	115
7.2 What You Need to Know	116
7.3 Port Statistics	117
7.3.1 Port Statistics Graph	118
7.4 Interface Status	119
7.5 Traffic Statistics	121
7.6 Session Monitor	124
7.7 IP/MAC Binding Monitor	127
7.8 Login Users	128
7.9 AP List	129
7.9.1 Station Count of AP	130
7.10 Radio List	131
7.10.1 AP Mode Radio Information	132
7.11 Station List	133
7.12 Detected Device	134
7.13 Application Patrol	135
7.13.1 Application Patrol: General Settings	135
7.13.2 Application Patrol: Bandwidth Statistics	136
7.13.3 Application Patrol: Protocol Statistics	137
7.13.4 Application Patrol: Protocol Statistics by Rule	138
7.14 Anti-Virus	139
7.15 IDP	141
7.16 View Log	143
7.17 View AP Log	146
Registration	151
8.1 Overview	151
8.1.1 What You Can Do in this Chapter	151
8.1.2 What you Need to Know	151
8.2 Registration	153
8.3 Service	155
Signature Update	157
9.1 Overview	157
9.1.1 What You Can Do in this Chapter	157
9.1.2 What you Need to Know	157
9.2 Anti-Virus	158
9.3 IDP/AppPatrol	159
9.4 System Protect	161
Wireless	163
10.1 Overview	163
10.1.1 What You Can Do in this Chapter	163
10.1.2 What You Need to Know	163
10.2 Controller	164
10.3 AP Management	165
10.3.1 Edit AP List	166
10.4 MON Mode	167
10.4.1 Add/Edit Rogue/Friendly List	169
10.5 Load Balancing	170
10.5.1 Disassociating and Delaying Connections	171
10.6 DCS	173
10.7 Technical Reference	174
10.7.1 Dynamic Channel Selection	174
10.7.2 Load Balancing	176
Interfaces	177
11.1 Interface Overview	177
11.1.1 What You Can Do in this Chapter	177
11.1.2 What You Need to Know	177
11.2 Ethernet Summary	178
11.2.1 Edit Ethernet	180
11.2.2 Object References	185
11.3 VLAN Interfaces	186
11.3.1 VLAN Summary	188
11.3.2 Add/Edit VLAN	189
11.4 Technical Reference	193
Policy and Static Routes	197
12.1 Overview	197
12.1.1 What You Can Do in this Chapter	197
12.1.2 What You Need to Know	197
12.2 Policy Route	199
12.2.1 Add/Edit Policy Route	202
12.3 Static Route	206
12.3.1 Static Route Setting	207
12.4 Technical Reference	208
Zones	213
13.1 Overview	213
13.1.1 What You Can Do in this Chapter	214
13.1.2 What You Need to Know	214
13.2 Zone	215
13.3 Add/Edit Zone	216
NAT	217
14.1 Overview	217
14.1.1 What You Can Do in this Chapter	217
14.2 NAT Summary	218
14.2.1 Add/Edit NAT	219
14.3 Technical Reference	222
ALG	225
15.1 Overview	225
15.1.1 What You Can Do in this Chapter	225
15.1.2 What You Need to Know	226
15.1.3 Before You Begin	227
15.2 ALG	228
15.3 Technical Reference	230
IP/MAC Binding	233
16.1 Overview	233
16.1.1 What You Can Do in this Chapter	233
16.1.2 What You Need to Know	234
16.2 IP/MAC Binding Summary	234
16.2.1 Edit IP/MAC Binding	235
16.2.2 Add/Edit Static DHCP Rule	237
16.3 IP/MAC Binding Exempt List	238
Captive Portal	239
17.1 Overview	239
17.1.1 What You Can Do in this Chapter	240
17.2 Captive Portal	240
17.2.1 Add Exceptional Services	242
17.2.2 Auth. Policy Add/Edit	243
17.3 Login Page	245
Firewall	249
18.1 Overview	249
18.1.1 What You Can Do in this Chapter	249
18.1.2 What You Need to Know	250
18.1.3 Firewall Rule Example Applications	252
18.1.4 Firewall Rule Configuration Example	255
18.1.5 Asymmetrical Routes	256
18.2 Firewall	257
18.2.1 Add/Edit Firewall Screen	260
18.3 Session Limit	262
18.3.1 Add/Edit Session Limit	263
Application Patrol	265
19.1 Overview	265
19.1.1 What You Can Do in this Chapter	265
19.1.2 What You Need to Know	266
19.1.3 Application Patrol Bandwidth Management Examples	271
19.2 Application Patrol Common Applications	275
19.2.1 Edit Application	276
19.2.2 Add/Edit Policy	279
19.3 Other Applications	281
19.3.1 Add/Edit Policy	284
Anti-Virus	287
20.1 Overview	287
20.1.1 What You Can Do in this Chapter	287
20.1.2 What You Need to Know	288
20.1.3 Before You Begin	289
20.2 Anti-Virus Summary	290
20.2.1 Add/Edit Rule	293
20.3 Black List	295
20.4 Add/Edit Pattern	296
20.5 White List	298
20.6 Signature	299
20.7 Technical Reference	301
IDP	303
21.1 Overview	303
21.1.1 What You Can Do in this Chapter	303
21.1.2 What You Need To Know	303
21.1.3 Before You Begin	304
21.2 IDP Summary	304
21.3 Profile Summary	307
21.3.1 Base Profiles	308
21.4 Creating New Profiles	309
21.5 Add/Edit Profile	311
21.5.1 Policy Types	314
21.5.2 IDP Service Groups	316
21.5.3 Query View Screen	317
21.5.4 Query Example	319
21.6 Custom IDP Signatures	320
21.6.1 IP Packet Header	320
21.7 Custom Signatures	321
21.7.1 Add/Edit Custom Signature	323
21.7.2 Custom Signature Example	329
21.7.3 Applying Custom Signatures	331
21.7.4 Verifying Custom Signatures	332
21.8 Technical Reference	333
ADP	337
22.1 Overview	337
22.1.1 What You Can Do in this Chapter	337
22.1.2 What You Need To Know	337
22.1.3 Before You Begin	338
22.2 ADP Summary	339
22.3 Profile Summary	340
22.3.1 Base Profiles	341
22.3.2 Creating New ADP Profiles	342
22.3.3 Traffic Anomaly Profiles	342
22.3.4 Protocol Anomaly Profiles	345
22.3.5 Protocol Anomaly Configuration	345
22.4 Technical Reference	349
Device HA	357
23.1 Overview	357
23.1.1 What You Can Do in this Chapter	357
23.1.2 What You Need to Know	358
23.1.3 Before You Begin	358
23.2 Device HA General	359
23.3 Active-Passive Mode	361
23.3.1 Edit Monitored Interface	364
23.4 Technical Reference	366
User/Group	373
24.1 Overview	373
24.1.1 What You Can Do in this Chapter	373
24.1.2 What You Need To Know	373
24.2 User Summary	376
24.2.1 Add/Edit User	376
24.3 Group Summary	379
24.3.1 Add/Edit Group	380
24.4 Setting	381
24.4.1 Edit User Authentication Timeout Settings	384
24.4.2 User Aware Login Example	386
AP Profile	387
25.1 Overview	387
25.1.1 What You Can Do in this Chapter	387
25.1.2 What You Need To Know	387
25.2 Radio	388
25.2.1 Add/Edit Radio Profile	389
25.3 SSID	392
25.3.1 SSID List	392
25.3.2 Security List	396
25.3.3 MAC Filter List	399
MON Profile	401
26.1 Overview	401
26.1.1 What You Can Do in this Chapter	401
26.1.2 What You Need To Know	401
26.2 MON Profile	402
26.2.1 Add/Edit MON Profile	403
26.3 Technical Reference	404
Addresses	407
27.1 Overview	407
27.1.1 What You Can Do in this Chapter	407
27.1.2 What You Need To Know	407
27.2 Address Summary	407
27.2.1 Add/Edit Address	409
27.3 Address Group Summary	410
27.3.1 Add/Edit Address Group Rule	411
Services	413
28.1 Overview	413
28.1.1 What You Can Do in this Chapter	413
28.1.2 What You Need to Know	413
28.2 Service Summary	415
28.2.1 Add/Edit Service Rule	416
28.3 Service Group Summary	417
28.3.1 Add/Edit Service Group Rule	418
Schedules	419
29.1 Overview	419
29.1.1 What You Can Do in this Chapter	419
29.1.2 What You Need to Know	419
29.2 Schedule Summary	420
29.2.1 Add/Edit Schedule One-Time Rule	421
29.2.2 Add/Edit Schedule Recurring Rule	422
AAA Server	425
30.1 Overview	425
30.1.1 What You Can Do in this Chapter	425
30.1.2 What You Need To Know	425
30.2 Active Directory / LDAP	429
30.2.1 Add/Edit Active Directory / LDAP Server	430
30.3 RADIUS	433
30.3.1 Add/Edit RADIUS	434
Authentication Method	437
31.1 Overview	437
31.1.1 What You Can Do in this Chapter	437
31.1.2 Before You Begin	437
31.2 Authentication Method	437
31.2.1 Add Authentication Method	438
Certificates	441
32.1 Overview	441
32.1.1 What You Can Do in this Chapter	441
32.1.2 What You Need to Know	441
32.1.3 Verifying a Certificate	443
32.2 My Certificates	445
32.2.1 Add My Certificates	447
32.2.2 Edit My Certificates	451
32.2.3 Import Certificates	454
32.3 Trusted Certificates	455
32.3.1 Edit Trusted Certificates	457
32.3.2 Import Trusted Certificates	460
32.4 Technical Reference	461
System	463
33.1 Overview	463
33.1.1 What You Can Do in this Chapter	463
33.2 Host Name	464
33.3 Date and Time	464
33.3.1 Pre-defined NTP Time Servers List	467
33.3.2 Time Server Synchronization	468
33.4 Console Speed	469
33.5 DNS Overview	469
33.5.1 DNS Server Address Assignment	469
33.5.2 Configuring the DNS Screen	470
33.5.3 Address Record	472
33.5.4 PTR Record	473
33.5.5 Adding an Address/PTR Record	473
33.5.6 Domain Zone Forwarder	474
33.5.7 Add Domain Zone Forwarder	474
33.5.8 MX Record	475
33.5.9 Add MX Record	476
33.5.10 Add Service Control	476
33.6 WWW Overview	477
33.6.1 Service Access Limitations	477
33.6.2 System Timeout	478
33.6.3 HTTPS	478
33.6.4 Configuring WWW Service Control	479
33.6.5 Service Control Rules	483
33.6.6 HTTPS Example	483
33.7 SSH	490
33.7.1 How SSH Works	491
33.7.2 SSH Implementation on the NXC	492
33.7.3 Requirements for Using SSH	492
33.7.4 Configuring SSH	493
33.7.5 Examples of Secure Telnet Using SSH	494
33.8 Telnet	496
33.9 FTP	497
33.10 SNMP	500
33.10.1 Supported MIBs	501
33.10.2 SNMP Traps	501
33.10.3 Configuring SNMP	502
33.11 Language	503
Log and Report	505
34.1 Overview	505
34.1.1 What You Can Do In this Chapter	505
34.2 Email Daily Report	505
34.3 Log Setting	507
34.3.1 Log Setting Summary	508
34.3.2 Edit Log Settings	510
34.3.3 Edit Remote Server	514
34.3.4 Active Log Summary	516
File Manager	519
35.1 Overview	519
35.1.1 What You Can Do in this Chapter	519
35.1.2 What you Need to Know	519
35.2 Configuration File	522
35.3 Firmware Package	525
35.4 Shell Script	527
Diagnostics	531
36.1 Overview	531
36.1.1 What You Can Do in this Chapter	531
36.2 Diagnostics	531
36.3 Packet Capture	532
36.3.1 Packet Capture Files	534
36.3.2 Example of Viewing a Packet Capture File	535
36.4 Wireless Frame Capture	536
36.4.1 Wireless Frame Capture Files	538
Reboot	539
37.1 Overview	539
37.1.1 What You Need To Know	539
37.2 Reboot	539
Shutdown	541
38.1 Overview	541
38.1.1 What You Need To Know	541
38.2 Shutdown	541
Troubleshooting	543
39.1 Overview	543
39.1.1 General	543
39.1.2 Wireless	555
39.2 Resetting the NXC	557
39.3 Getting More Troubleshooting Help	557
Product Specifications	559
Log Descriptions	565
Common Services	613
Displaying Anti-Virus Alert Messages in Windows	617
Importing Certificates	619
Wireless LANs	633
Open Software Announcements	647
Legal Information	699