ZyXEL UAG715 User Guide - Page 321
Creating New ADP Profiles, Traffic Anomaly Profiles
Chapter 27 ADP

Table 122 Base Profiles (continued)
BASE PROFILE | DESCRIPTION
all | All traffic anomaly and protocol anomaly rules are enabled. Rules with a high or severe severity level (greater than three) generate log alerts and cause packets that trigger them to be dropped. Rules with a very low, low or medium severity level (less than or equal to three) generate logs (not log alerts) and no action is taken on packets that trigger them.
Cancel | Click Cancel to exit this screen without saving your changes.

27.3.3 Creating New ADP Profiles

You may want to create a new profile if not all rules in a base profile are applicable to your network. In this case you should disable non-applicable rules so as to improve UAG ADP processing efficiency.

You may also find that certain rules are triggering too many false positives or false negatives. A false positive is when valid traffic is flagged as an attack. A false negative is when invalid traffic is wrongly allowed to pass through the UAG. As each network is different, false positives and false negatives are common on initial ADP deployment.

You could create a new 'monitor profile' that creates logs but has all actions disabled. Observe the logs over time and try to eliminate the causes of the false alarms. When you're satisfied that they have been reduced to an acceptable level, you could then create an 'inline profile' whereby you configure appropriate actions to be taken when a packet matches a rule.

ADP profiles consist of traffic anomaly rules and protocol anomaly rules. To create a new profile, select a base profile (see Table 122 on page 320) and then click OK to go to the profile details screen. Type a new profile name, enable or disable individual rules and then edit the default log options and actions.

27.3.4 Traffic Anomaly Profiles

The traffic anomaly screen is the second screen in an ADP profile. Traffic anomaly detection looks for abnormal behavior such as scan or flooding attempts.
In the Configuration > Anti-X > ADP > Profile screen, click the Edit icon or click the Add icon and choose a base profile. If you made changes to other screens belonging to this profile, make sure you have clicked OK or Save to save the changes before selecting the Traffic Anomaly tab.
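The monitor-then-inline tuning described in section 27.3.3 can be supported by a small offline review of the monitor profile's logs. The following is an added example, not part of the User's Guide or ZyXEL software: the record layout, rule names, addresses, the `KNOWN_VALID` set and the `max_fp_ratio` threshold are all assumptions, and the fallback policy mirrors the 'all' base profile from Table 122.

```python
from collections import defaultdict

# Constructed sample records from a log-only "monitor profile" period.
# Field names, rule names and addresses are assumptions, not the UAG log format.
MONITOR_LOG = [
    {"rule": "example-port-scan", "severity": 4, "src": "192.0.2.10"},
    {"rule": "example-port-scan", "severity": 4, "src": "192.0.2.10"},
    {"rule": "example-port-scan", "severity": 4, "src": "198.51.100.7"},
    {"rule": "example-flood", "severity": 5, "src": "203.0.113.5"},
    {"rule": "example-flood", "severity": 5, "src": "203.0.113.6"},
    {"rule": "example-low-anomaly", "severity": 2, "src": "198.51.100.7"},
]

# Hosts the administrator has confirmed send valid traffic (assumption),
# for instance an internal inventory scanner.
KNOWN_VALID = {"192.0.2.10"}


def base_all_policy(severity):
    """Defaults of the 'all' base profile: severity > 3 is alerted and dropped."""
    if severity > 3:
        return {"log": "log alert", "action": "drop"}
    return {"log": "log", "action": "none"}


def plan_inline_profile(records, known_valid, max_fp_ratio=0.2):
    """Propose per-rule settings for an inline profile from monitor logs.

    A rule whose share of hits from known-valid hosts exceeds max_fp_ratio
    (hypothetical "acceptable level") stays log-only until it is tuned.
    """
    hits = defaultdict(lambda: {"severity": 0, "total": 0, "valid": 0})
    for rec in records:
        h = hits[rec["rule"]]
        h["severity"] = rec["severity"]
        h["total"] += 1
        h["valid"] += rec["src"] in known_valid

    plan = {}
    for rule, h in hits.items():
        fp_ratio = h["valid"] / h["total"]
        if fp_ratio > max_fp_ratio:
            # Mostly valid traffic: keep logging, take no action on packets yet.
            plan[rule] = {"log": "log", "action": "none", "fp_ratio": fp_ratio}
        else:
            plan[rule] = dict(base_all_policy(h["severity"]), fp_ratio=fp_ratio)
    return plan
```

Rules that only trigger on unknown sources inherit the base-profile action, while a rule dominated by known-valid hosts is held at log-only so that valid traffic is not dropped when the profile goes inline.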