Home » ZyXEL Manuals » Networking » ZyXEL UAG715 » Manual Viewer

ZyXEL UAG715 User Guide - Page 321

Creating New ADP Profiles, Traffic Anomaly Profiles

Add to My Manuals
Save this manual to your list of manuals

Page 321 highlights

Chapter 27 ADP Table 122 Base Profiles (continued) BASE PROFILE DESCRIPTION all All traffic anomaly and protocol anomaly rules are enabled. Rules with a high or severe severity level (greater than three) generate log alerts and cause packets that trigger them to be dropped. Rules with a very low, low or medium severity level (less than or equal to three) generate logs (not log alerts) and no action is taken on packets that trigger them. Cancel Click Cancel to exit this screen without saving your changes. 27.3.3 Creating New ADP Profiles You may want to create a new profile if not all rules in a base profile are applicable to your network. In this case you should disable non-applicable rules so as to improve UAG ADP processing efficiency. You may also find that certain rules are triggering too many false positives or false negatives. A false positive is when valid traffic is flagged as an attack. A false negative is when invalid traffic is wrongly allowed to pass through the UAG. As each network is different, false positives and false negatives are common on initial ADP deployment. You could create a new 'monitor profile' that creates logs but all actions are disabled. Observe the logs over time and try to eliminate the causes of the false alarms. When you're satisfied that they have been reduced to an acceptable level, you could then create an 'inline profile' whereby you configure appropriate actions to be taken when a packet matches a rule. ADP profiles consist of traffic anomaly rules and protocol anomaly rules. To create a new profile, select a base profile (see Table 122 on page 320) and then click OK to go to the profile details screen. Type a new profile name, enable or disable individual rules and then edit the default log options and actions. 27.3.4 Traffic Anomaly Profiles The traffic anomaly screen is the second screen in an ADP profile. Traffic anomaly detection looks for abnormal behavior such as scan or flooding attempts. In the Configuration > Anti-X > ADP > Profile screen, click the Edit icon or click the Add icon and choose a base profile. If you made changes to other screens belonging to this profile, make sure you have clicked OK or Save to save the changes before selecting the Traffic Anomaly tab. UAG715 User's Guide 321

Section	Page
UAG715	1
Contents Overview	3
Table of Contents	5
Introduction	19
1.1 Overview	19
1.1.1 Key Applications	19
1.2 Default Zones, Interfaces, and Ports	21
1.3 Management Overview	22
1.4 Web Configurator	22
1.4.1 Web Configurator Access	23
1.4.2 Web Configurator Screens Overview	23
1.4.3 Navigation Panel	26
1.4.4 Tables and Lists	30
1.5 Stopping the UAG	33
Hardware Installation and Connection	34
2.1 Rack-mounting	34
2.2 Front Panel	35
2.2.1 Front Panel LEDs	36
2.3 Rear Panel	36
Installation Setup Wizard	37
3.1 Installation Setup Wizard Screens	37
3.1.1 Internet Access Setup - WAN Interface	37
3.1.2 Internet Access: Ethernet	38
3.1.3 Internet Access: PPPoE	39
3.1.4 Internet Access: PPTP	41
3.1.5 ISP Parameters	41
3.1.6 Internet Access Setup - Second WAN Interface	42
3.1.7 Internet Access - Finish	43
3.2 Device Registration	44
Quick Setup Wizards	47
4.1 Quick Setup Overview	47
4.2 WAN Interface Quick Setup	47
4.2.1 Choose an Ethernet Interface	48
4.2.2 Select WAN Type	48
4.2.3 Configure WAN Settings	49
4.2.4 WAN and ISP Connection Settings	49
4.2.5 Quick Setup Interface Wizard: Summary	51
4.3 VPN Setup Wizard	52
4.3.1 Welcome	53
4.3.2 VPN Setup Wizard: Wizard Type	53
4.3.3 VPN Express Wizard - Scenario	54
4.3.4 VPN Express Wizard - Configuration	55
4.3.5 VPN Express Wizard - Summary	56
4.3.6 VPN Express Wizard - Finish	56
4.3.7 VPN Advanced Wizard - Scenario	57
4.3.8 VPN Advanced Wizard - Phase 1 Settings	58
4.3.9 VPN Advanced Wizard - Phase 2	59
4.3.10 VPN Advanced Wizard - Summary	60
4.3.11 VPN Advanced Wizard - Finish	61
Dashboard	63
5.1 Overview	63
5.1.1 What You Can Do in this Chapter	63
5.2 The Dashboard Screen	63
5.2.1 The CPU Usage Screen	68
5.2.2 The Memory Usage Screen	68
5.2.3 The Active Sessions Screen	69
5.2.4 The VPN Status Screen	70
5.2.5 The DHCP Table Screen	70
5.2.6 The Number of Login Users Screen	71
Monitor	73
6.1 Overview	73
6.1.1 What You Can Do in this Chapter	73
6.2 The Port Statistics Screen	74
6.2.1 The Port Statistics Graph Screen	75
6.3 Interface Status Screen	76
6.4 The Traffic Statistics Screen	78
6.5 The Session Monitor Screen	80
6.6 The DDNS Status Screen	82
6.7 IP/MAC Binding Monitor	83
6.8 The Login Users Screen	83
6.9 USB Storage Screen	84
6.10 VPN 1-1 Mapping Status	85
6.11 VPN 1-1 Mapping Statistics	86
6.12 The IPSec Monitor Screen	87
6.12.1 Regular Expressions in Searching IPSec SAs	88
6.13 The SSL Connection Monitor Screen	88
6.14 The Content Filter Statistics Screen	89
6.15 Content Filter Cache Screen	91
6.16 Log Screen	93
Registration	97
7.1 Overview	97
7.1.1 What You Can Do in this Chapter	97
7.1.2 What you Need to Know	97
7.2 Registration Screen	98
7.3 Service Screen	100
Interfaces	103
8.1 Interface Overview	103
8.1.1 What You Can Do in this Chapter	103
8.1.2 What You Need to Know	103
8.2 Port Role Screen	106
8.3 Ethernet Summary Screen	107
8.3.1 Ethernet Edit	108
8.3.2 Object References	115
8.4 PPP Interfaces	115
8.4.1 PPP Interface Summary	116
8.4.2 PPP Interface Add or Edit	117
8.5 VLAN Interfaces	121
8.5.1 VLAN Summary Screen	122
8.5.2 VLAN Add/Edit	123
8.6 Bridge Interfaces	128
8.6.1 Bridge Summary	130
8.6.2 Bridge Add/Edit	131
8.7 Virtual Interfaces	136
8.7.1 Virtual Interfaces Add/Edit	136
8.8 Interface Technical Reference	137
Trunks	143
9.1 Overview	143
9.1.1 What You Can Do in this Chapter	143
9.1.2 What You Need to Know	143
9.2 The Trunk Summary Screen	146
9.2.1 Configuring a User-Defined Trunk	148
9.2.2 Configuring the System Default Trunk	150
Policy and Static Routes	153
10.1 Policy and Static Routes Overview	153
10.1.1 What You Can Do in this Chapter	153
10.1.2 What You Need to Know	154
10.2 Policy Route Screen	155
10.2.1 Policy Route Edit Screen	157
10.3 IP Static Route Screen	161
10.3.1 Static Route Add/Edit Screen	162
10.4 Policy Routing Technical Reference	163
Routing Protocols	165
11.1 Routing Protocols Overview	165
11.1.1 What You Can Do in this Chapter	165
11.1.2 What You Need to Know	165
11.2 The RIP Screen	165
11.3 The OSPF Screen	167
11.3.1 Configuring the OSPF Screen	170
11.3.2 OSPF Area Add/Edit Screen	172
11.3.3 Virtual Link Add/Edit Screen	174
11.4 Routing Protocol Technical Reference	174
Zones	177
12.1 Zones Overview	177
12.1.1 What You Can Do in this Chapter	177
12.1.2 What You Need to Know	177
12.2 The Zone Screen	178
12.3 Zone Edit	179
DDNS	181
13.1 DDNS Overview	181
13.1.1 What You Can Do in this Chapter	181
13.1.2 What You Need to Know	181
13.2 The DDNS Screen	182
13.2.1 The Dynamic DNS Add/Edit Screen	183
NAT	187
14.1 NAT Overview	187
14.1.1 What You Can Do in this Chapter	187
14.1.2 What You Need to Know	187
14.2 The NAT Screen	188
14.2.1 The NAT Add/Edit Screen	189
14.3 NAT Technical Reference	191
VPN 1-1 Mapping	195
15.1 VPN 1-1 Mapping Overview	195
15.1.1 What You Can Do in this Chapter	195
15.1.2 What You Need to Know	196
15.2 The VPN 1-1 Mapping Screen	196
15.2.1 The VPN 1-1 Mapping Edit Screen	197
15.3 The VPN 1-1 Mapping Profile Screen	198
HTTP Redirect	201
16.1 Overview	201
16.1.1 What You Can Do in this Chapter	201
16.1.2 What You Need to Know	201
16.2 The HTTP Redirect Screen	202
16.2.1 The HTTP Redirect Edit Screen	203
SMTP Redirect	205
17.1 Overview	205
17.1.1 What You Can Do in this Chapter	205
17.1.2 What You Need to Know	205
17.2 The SMTP Redirect Screen	206
17.2.1 The SMTP Redirect Edit Screen	207
ALG	209
18.1 ALG Overview	209
18.1.1 What You Can Do in this Chapter	209
18.1.2 What You Need to Know	209
18.1.3 Before You Begin	212
18.2 The ALG Screen	212
18.3 ALG Technical Reference	214
IP/MAC Binding	217
19.1 IP/MAC Binding Overview	217
19.1.1 What You Can Do in this Chapter	217
19.1.2 What You Need to Know	217
19.2 IP/MAC Binding Summary	218
19.2.1 IP/MAC Binding Edit	219
19.2.2 Static DHCP Edit	220
19.3 IP/MAC Binding Exempt List	220
Web Authentication	223
20.1 Overview	223
20.1.1 What You Can Do in this Chapter	224
20.1.2 What You Need to Know	224
20.2 Web Authentication Screen	225
20.2.1 Creating/Editing an Authentication Policy	228
20.3 User-aware Access Control Example	230
20.3.1 Set Up User Accounts	230
20.3.2 Set Up User Groups	231
20.3.3 Set Up User Authentication Using the RADIUS Server	231
20.3.4 User Group Authentication Using the RADIUS Server	234
20.4 Endpoint Security (EPS) Example	235
20.4.1 Configure the Endpoint Security Objects	235
20.4.2 Configure the Authentication Policy	237
Firewall	239
21.1 Overview	239
21.1.1 What You Can Do in this Chapter	239
21.1.2 What You Need to Know	239
21.2 The Firewall Screen	242
21.2.1 Configuring the Firewall Screen	242
21.2.2 The Firewall Add/Edit Screen	245
21.3 The Session Limit Screen	246
21.3.1 The Session Limit Add/Edit Screen	247
21.4 Firewall Rule Configuration Example	248
21.5 Firewall Rule Example Applications	250
IPSec VPN	253
22.1 Virtual Private Networks (VPN) Overview	253
22.1.1 What You Can Do in this Chapter	254
22.1.2 What You Need to Know	254
22.1.3 Before You Begin	256
22.2 The VPN Connection Screen	256
22.2.1 The VPN Connection Add/Edit (IKE) Screen	257
22.2.2 The VPN Connection Add/Edit Manual Key Screen	263
22.3 The VPN Gateway Screen	265
22.3.1 The VPN Gateway Add/Edit Screen	266
22.4 IPSec VPN Background Information	272
SSL VPN	285
23.1 Overview	285
23.1.1 What You Can Do in this Chapter	285
23.1.2 What You Need to Know	285
23.2 The SSL Access Privilege Screen	286
23.2.1 The SSL Access Policy Add/Edit Screen	287
23.3 The SSL Global Setting Screen	290
23.3.1 How to Upload a Custom Logo	292
23.4 SSL VPN Example	293
SSL User Screens	295
24.1 Overview	295
24.1.1 What You Need to Know	295
24.2 Remote SSL User Login	296
24.3 The SSL VPN User Screens	299
24.4 Bookmarking the UAG	300
24.5 Logging Out of the SSL VPN User Screens	301
24.6 SSL User Application Screen	301
ZyWALL SecuExtender	303
25.1 The ZyWALL SecuExtender Icon	303
25.2 Status	303
25.3 View Log	304
25.4 Suspend and Resume the Connection	305
25.5 Stop the Connection	305
25.6 Uninstalling the ZyWALL SecuExtender	305
Bandwidth Management	307
26.1 Overview	307
26.1.1 What You Can Do in this Chapter	307
26.1.2 What You Need to Know	307
26.2 The Bandwidth Management Screen	311
26.2.1 The Bandwidth Management Add/Edit Screen	313
ADP	317
27.1 Overview	317
27.1.1 What You Can Do in this Chapter	317
27.1.2 What You Need To Know	317
27.1.3 Before You Begin	318
27.2 The ADP General Screen	318
27.3 The Profile Summary Screen	319
27.3.1 Configuring The ADP Profile Summary Screen	319
27.3.2 Base Profiles	320
27.3.3 Creating New ADP Profiles	321
27.3.4 Traffic Anomaly Profiles	321
27.3.5 Protocol Anomaly Profiles	324
27.3.6 Protocol Anomaly Configuration	324
27.4 ADP Technical Reference	327
Content Filtering	333
28.1 Overview	333
28.1.1 What You Can Do in this Chapter	333
28.1.2 What You Need to Know	333
28.1.3 Before You Begin	334
28.2 Content Filter General Screen	335
28.2.1 Content Filter Policy Add or Edit Screen	337
28.3 Content Filter Profile Screen	338
28.4 Content Filter Category Service Screen	339
28.4.1 Content Filter Blocked and Warning Messages	350
28.5 Content Filter Custom Service Screen	350
28.6 Content Filter Technical Reference	353
User/Group	355
29.1 Overview	355
29.1.1 What You Can Do in this Chapter	355
29.1.2 What You Need To Know	355
29.2 User Summary Screen	357
29.2.1 User Add/Edit Screen	358
29.3 User Group Summary Screen	360
29.3.1 Group Add/Edit Screen	361
29.4 The User/Group Setting Screen	362
29.4.1 Default User Settings Edit Screens	364
29.4.2 User Aware Login Example	365
29.5 User /Group Technical Reference	366
Addresses	368
30.1 Overview	368
30.1.1 What You Can Do in this Chapter	368
30.1.2 What You Need To Know	368
30.2 Address Summary Screen	368
30.2.1 Address Add/Edit Screen	369
30.3 Address Group Summary Screen	370
30.3.1 Address Group Add/Edit Screen	371
Services	373
31.1 Overview	373
31.1.1 What You Can Do in this Chapter	373
31.1.2 What You Need to Know	373
31.2 The Service Summary Screen	374
31.2.1 The Service Add/Edit Screen	375
31.3 The Service Group Summary Screen	376
31.3.1 The Service Group Add/Edit Screen	376
Schedules	378
32.1 Overview	378
32.1.1 What You Can Do in this Chapter	378
32.1.2 What You Need to Know	378
32.2 The Schedule Summary Screen	379
32.2.1 The One-Time Schedule Add/Edit Screen	380
32.2.2 The Recurring Schedule Add/Edit Screen	381
AAA Server	382
33.1 Overview	382
33.1.1 Directory Service (AD/LDAP)	382
33.1.2 RADIUS Server	382
33.1.3 What You Can Do in this Chapter	383
33.1.4 What You Need To Know	383
33.2 Active Directory or LDAP Server Summary	384
33.2.1 Adding an Active Directory or LDAP Server	385
33.3 RADIUS Server Summary	387
33.3.1 Adding a RADIUS Server	388
Authentication Method	390
34.1 Overview	390
34.1.1 What You Can Do in this Chapter	390
34.1.2 Before You Begin	390
34.1.3 Example: Selecting a VPN Authentication Method	390
34.2 Authentication Method Objects	391
34.2.1 Creating an Authentication Method Object	391
Certificates	394
35.1 Overview	394
35.1.1 What You Can Do in this Chapter	394
35.1.2 What You Need to Know	394
35.1.3 Verifying a Certificate	396
35.2 The My Certificates Screen	397
35.2.1 The My Certificates Add Screen	398
35.2.2 The My Certificates Edit Screen	401
35.2.3 The My Certificates Import Screen	404
35.3 The Trusted Certificates Screen	405
35.3.1 The Trusted Certificates Edit Screen	406
35.3.2 The Trusted Certificates Import Screen	409
ISP Accounts	411
36.1 Overview	411
36.1.1 What You Can Do in this Chapter	411
36.2 ISP Account Summary	411
36.2.1 ISP Account Edit	412
SSL Application	414
37.1 Overview	414
37.1.1 What You Can Do in this Chapter	414
37.1.2 What You Need to Know	414
37.1.3 Example: Specifying a Web Site for Access	415
37.2 The SSL Application Screen	416
37.2.1 Creating/Editing an SSL Application Object	417
Endpoint Security	419
38.1 Overview	419
38.1.1 What You Can Do in this Chapter	419
38.1.2 What You Need to Know	420
38.2 Endpoint Security Screen	420
38.3 Endpoint Security Add/Edit	421
System	427
39.1 Overview	427
39.1.1 What You Can Do in this Chapter	427
39.2 Host Name	428
39.3 USB Storage	428
39.4 Date and Time	429
39.4.1 Pre-defined NTP Time Servers List	432
39.4.2 Time Server Synchronization	432
39.5 Console Port Speed	433
39.6 DNS Overview	434
39.6.1 DNS Server Address Assignment	434
39.6.2 Configuring the DNS Screen	434
39.6.3 Address Record	436
39.6.4 PTR Record	436
39.6.5 Adding an Address/PTR Record	436
39.6.6 Domain Zone Forwarder	437
39.6.7 Adding a Domain Zone Forwarder	437
39.6.8 MX Record	438
39.6.9 Adding a MX Record	438
39.6.10 Adding a DNS Service Control Rule	439
39.7 WWW Overview	439
39.7.1 Service Access Limitations	440
39.7.2 System Timeout	440
39.7.3 HTTPS	440
39.7.4 Configuring WWW Service Control	441
39.7.5 Service Control Rules	444
39.7.6 Customizing the WWW Login Page	445
39.7.7 HTTPS Example	449
39.8 SSH	456
39.8.1 How SSH Works	457
39.8.2 SSH Implementation on the UAG	458
39.8.3 Requirements for Using SSH	458
39.8.4 Configuring SSH	458
39.8.5 Secure Telnet Using SSH Examples	459
39.9 Telnet	461
39.9.1 Configuring Telnet	461
39.10 FTP	462
39.10.1 Configuring FTP	462
39.11 SNMP	463
39.11.1 Supported MIBs	464
39.11.2 SNMP Traps	465
39.11.3 Configuring SNMP	465
Log and Report	467
40.1 Overview	467
40.1.1 What You Can Do In this Chapter	467
40.2 Email Daily Report	467
40.3 Log Setting Screens	469
40.3.1 Log Setting Summary	469
40.3.2 Edit System Log Settings	471
40.3.3 Edit Log on USB Storage Setting	473
40.3.4 Edit Remote Server Log Settings	475
40.3.5 Active Log Summary Screen	477
File Manager	481
41.1 Overview	481
41.1.1 What You Can Do in this Chapter	481
41.1.2 What you Need to Know	481
41.2 The Configuration File Screen	483
41.3 The Firmware Package Screen	487
41.4 The Shell Script Screen	489
Diagnostics	492
42.1 Overview	492
42.1.1 What You Can Do in this Chapter	492
42.2 The Diagnostics Screen	492
42.2.1 The Diagnostics Files Screen	493
42.3 The Packet Capture Screen	494
42.3.1 The Packet Capture Files Screen	496
42.4 Core Dump Screen	497
42.4.1 Core Dump Files Screen	497
42.5 The System Log Screen	498
Packet Flow Explore	500
43.1 Overview	500
43.1.1 What You Can Do in this Chapter	500
43.2 The Routing Status Screen	500
43.3 The SNAT Status Screen	505
Reboot	509
44.1 Overview	509
44.1.1 What You Need To Know	509
44.2 The Reboot Screen	509
Shutdown	510
45.1 Overview	510
45.1.1 What You Need To Know	510
45.2 The Shutdown Screen	510
Troubleshooting	511
46.1 Resetting the UAG	519
46.2 Getting More Troubleshooting Help	520
Legal Information	521

Match case Limit results 1 per page

Chapter 27 ADP

UAG715 User’s Guide

321

27.3.3

Creating New ADP Profiles

You may want to create a new profile if not all rules in a base profile are applicable to your network.

In this case you should disable non-applicable rules so as to improve UAG ADP processing

efficiency.

You may also find that certain rules are triggering too many false positives or false negatives. A

false positive is when valid traffic is flagged as an attack. A false negative is when invalid traffic is

wrongly allowed to pass through the UAG. As each network is different, false positives and false

negatives are common on initial ADP deployment.

You could create a new ‘monitor profile’ that creates logs but all actions are disabled. Observe the

logs over time and try to eliminate the causes of the false alarms. When you’re satisfied that they

have been reduced to an acceptable level, you could then create an ‘inline profile’ whereby you

configure appropriate actions to be taken when a packet matches a rule.

ADP profiles consist of traffic anomaly rules and protocol anomaly rules. To create a new profile,

select a base profile (see

Table 122 on page 320

) and then click

to go to the profile details

screen. Type a new profile name, enable or disable individual rules and then edit the default log

options and actions.

27.3.4

Traffic Anomaly Profiles

The traffic anomaly screen is the second screen in an ADP profile. Traffic anomaly detection looks

for abnormal behavior such as scan or flooding attempts. In the

Configuration > Anti-X > ADP >

Profile

screen, click the

Edit

icon or click the

Add

icon and choose a base profile. If you made

changes to other screens belonging to this profile, make sure you have clicked

Save

to save

the changes before selecting the

Traffic Anomaly

tab.

all

All traffic anomaly and protocol anomaly rules are enabled. Rules with a high or severe

severity level (greater than three) generate log alerts and cause packets that trigger

them to be dropped. Rules with a very low, low or medium severity level (less than or

equal to three) generate logs (not log alerts) and no action is taken on packets that

trigger them.

Cancel

Click

Cancel

to exit this screen without saving your changes.

Table 122

Base Profiles

(continued)

BASE PROFILE

DESCRIPTION