Home » ZyXEL Manuals » Networking » ZyXEL Vantage CNM » Manual Viewer

ZyXEL Vantage CNM User Guide - Page 179

Configuring IDP Signatures

Get ZyXEL Vantage CNM PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 179 highlights

Chapter 6 Device Security Settings to be taken when a packet or stream matches a signature. The following figure and table describes these actions. Note that in addition to these actions, a log may be generated or an alert sent, if those check boxes are selected and the signature is enabled. Figure 71 Device Operation > Device Configuration > Security > IDP > Signature > Actions The following table describes signature actions. Table 64 Device Operation > Device Configuration > Security > IDP > Signature > Actions ACTION DESCRIPTION No Action The intrusion is detected but no action is taken. Drop Packet The packet is silently discarded. Drop Session When the firewall is enabled, subsequent TCP/IP packets belonging to the same connection are dropped. Neither sender nor receiver are sent TCP RST packets. If the firewall is not enabled only the packet that matched the signature is dropped. Reset Sender When the firewall is enabled, the TCP/IP connection is silently torn down. Just the sender is sent TCP RST packets. If the firewall is not enabled only the packet that matched the signature is dropped. Reset Receiver When the firewall is enabled, the TCP/IP connection is silently torn down. Just the receiver is sent TCP RST packets. If the firewall is not enabled only the packet that matched the signature is dropped. Reset Both When the firewall is enabled, the TCP/IP connection is silently torn down. Both sender and receiver are sent TCP RST packets. If the firewall is not enabled only the packet that matched the signature is dropped. 6.9.4 Configuring IDP Signatures Use this screen to see the device's "group view" signature screen where you can view signatures by attack type. To search for signatures based on other criteria such as signature name or ID, then click the Switch to query view link to go to the "query view" screen. You can take actions on these signatures as described in Section 6.9.3 on page 178. To revert to the default actions or to save sets of actions, go to the Device Vantage CNM User's Guide 179

Section	Page
Vantage CNM	1
About This User's Guide	3
Document Conventions	5
Contents Overview	7
Introducing Vantage CNM	21
1.1 Overview	21
1.2 Ways to Manage Vantage CNM	22
1.3 Suggestions for Using Vantage CNM	22
Introduction	23
GUI Introduction	25
2.1 Menu Bar	26
2.2 Title Bar	27
2.3 Device Window	27
2.3.1 Topology	27
2.3.2 Device Search	36
2.4 Navigation Panel and Configuration Window	37
2.5 Security Risk Pop-up Messages in Internet Explorer 7.0	41
Device Configuration (ZyNOS and Prestige)	45
Load or Save Building Blocks (BB)	47
3.1 Load or Save BB	47
Device General Settings	51
4.1 System	51
4.2 Time Setting	52
Device Network Settings	55
5.1 LAN (ZyNOS ZyWALL)	55
5.2 LAN (Prestige)	59
5.2.1 Static DHCP	62
5.2.2 IP Alias	63
5.3 WAN General (ZyNOS ZyWALL)	65
5.3.1 WAN1 (ZyNOS ZyWALL with one WAN port)	69
5.3.2 WAN1 and WAN2 (ZyNOS ZyWALL with two WAN ports)	78
5.3.3 WAN2 (ZyNOS ZyWALL with 3G WAN)	87
5.3.4 Dial Backup (ZyNOS ZyWALL)	96
5.3.5 Advanced Modem Setup (ZyNOS ZyWALL)	98
5.3.6 Edit Dial Backup (ZyNOS ZyWALL)	100
5.3.7 WAN Setup (Prestige)	102
5.3.8 WAN Backup (Prestige)	106
5.3.9 Advanced WAN Backup (Prestige)	109
5.3.10 Advanced Modem Setup (Prestige)	111
5.4 Wireless Card	112
5.4.1 Wireless and Wireless Security Settings	112
5.4.2 Advanced Wireless Security Settings	115
5.4.3 MAC Filter	121
Device Security Settings	123
6.1 Firewall	123
6.1.1 Default Rule	123
6.1.2 Rule Summary	126
6.1.3 Add/Edit a Rule	128
6.1.4 Anti-Probing	131
6.1.5 Threshold	132
6.1.6 Service	135
6.1.7 Add/Edit Service	135
6.2 VPN	137
6.3 IPSec High Availability	137
6.3.1 VPN Rules (IKE)	138
6.3.2 Add/Edit an IKE Gateway Policy	139
6.3.3 Add/Edit an IKE Network Policy	148
6.3.4 Move an IKE Network Policy	154
6.3.5 VPN Rules (Manual)	154
6.3.6 Add/Edit an Manual VPN Rule	157
6.3.7 VPN Global Setting	160
6.4 Anti-Virus	162
6.4.1 General Anti-Virus Setup	162
6.5 Anti-Spam	164
6.5.1 Anti-Spam General Screen	164
6.5.2 Anti-Spam External DB Screen	167
6.6 Anti-Spam Lists Screen	170
6.6.1 Anti-Spam Lists Edit Screen	171
6.7 IDP	174
6.8 General Setup	174
6.9 IDP Signatures	176
6.9.1 Attack Types	176
6.9.2 Intrusion Severity	178
6.9.3 Signature Actions	178
6.9.4 Configuring IDP Signatures	179
6.9.5 Query View	181
6.9.6 Protocol Anomaly	184
6.10 Signature Update	186
6.11 Content Filter	189
6.12 Content Filter General Screen	189
6.13 Content Filter Policy	193
6.13.1 Content Filter Policy: General	194
6.13.2 Content Filter Policy: External Database	197
6.13.3 Content Filter Policy: Customization	204
6.13.4 Content Filter Policy: Schedule	207
6.14 Content Filter Objects	208
6.15 Content Filtering Cache	210
6.16 X Auth	211
6.16.1 Local User Database	211
6.16.2 RADIUS	212
Device Advanced Settings	215
7.0.1 NAT	215
7.1 NAT	215
7.2 Port Forwarding	218
7.3 Address Mapping	219
7.3.1 Edit an Address Mapping Rule	221
7.4 Trigger Port	222
7.4.1 Edit a Trigger Port Rule	223
7.5 Static Route	224
7.6 Static Route	224
7.6.1 Edit a Static Route	226
7.7 DNS	227
7.8 Address Record	227
7.8.1 Add/Edit an Address Record	228
7.9 Name Server Record	229
7.9.1 Add/Edit a Name Server Record	230
7.10 Cache	232
7.11 DDNS	233
7.12 DHCP	235
7.13 Remote MGMT	236
7.14 Remote MGMT	236
Device Log	241
8.1 Device Log	241
Device Configuration (ZLD)	245
Device Network Settings	247
9.1 Ethernet (ZLD ZyWALL)	247
9.1.1 Ethernet Edit	248
9.1.2 Adding Virtual Interfaces	255
9.2 WLAN General	256
9.2.1 WLAN Add/Edit Screen	259
9.2.2 WLAN Add/Edit: WEP Security	265
9.2.3 WLAN Add/Edit: WPA-PSK/WPA2-PSK Security	266
9.2.4 WLAN Add/Edit: WPA/WPA2 Security	267
9.2.5 WLAN Interface MAC Filter	269
9.2.6 MAC Filter Add/Edit Screen	271
9.3 VLAN Summary Screen	272
9.3.1 VLAN Add/Edit	272
9.4 Bridge Summary	277
9.4.1 Bridge Add/Edit	278
9.5 PPPoE/PPTP Interface Summary	283
9.5.1 PPPoE/PPTP Interface Edit	284
9.6 Auxiliary Interface	290
9.7 The Trunk Summary Screen	292
9.8 Configuring a Trunk	294
9.8.1 The Trunk Member List Screen	297
9.9 Interface Summary Screen	298
9.10 Policy Route Screen	300
9.10.1 Policy Route Edit Screen	303
9.11 IP Static Route Screen	306
9.11.1 Static Route Add/Edit Screen	307
9.12 The RIP Screen	308
9.13 The OSPF Screen	310
9.13.1 The OSPF Area Add/Edit Screen	312
Firewall	315
10.1 The Firewall Screen	315
10.1.1 The Firewall Edit Screen	318
10.2 The Session Limit Screen	319
10.2.1 The Session Limit Add/Edit Screen	321
IPSec VPN	323
11.1 The IPSec VPN Connection Screen	323
11.1.1 The IPSec VPN Connection Add/Edit Screen	325
11.1.2 IPSec VPN Connection Add/Edit (Manual Key)	331
11.2 The VPN Gateway Screen	335
11.2.1 The VPN Gateway Add/Edit Screen	336
11.3 The VPN Concentrator Screen	343
11.3.1 The VPN Concentrator Add/Edit Screen	345
SSL VPN	347
12.1 Overview	347
12.2 The SSL Access Privilege Screen	347
12.2.1 The SSL Access Policy Add/Edit Screen	349
12.3 The SSL Global Setting Screen	351
L2TP VPN	353
13.1 Overview	353
13.2 L2TP VPN Screen	353
Object	357
14.1 User Summary Screen	357
14.1.1 User Add/Edit Screen	358
14.2 User Group Summary Screen	360
14.2.1 Group Add/Edit Screen	361
14.3 Setting Screen	362
14.3.1 Default User Authentication Timeout Settings Edit Screens	366
14.3.2 Force User Authentication Policy Add/Edit Screen	368
14.4 Address Summary Screen	369
14.4.1 Address Add/Edit Screen	370
14.4.2 Address Group Summary Screen	371
14.4.3 Address Group Add/Edit Screen	373
14.5 The Service Summary Screen	374
14.5.1 The Service Add/Edit Screen	375
14.6 The Service Group Summary Screen	376
14.6.1 The Service Group Add/Edit Screen	378
14.7 The Schedule Summary Screen	379
14.7.1 The One-Time Schedule Add/Edit Screen	380
14.7.2 The Recurring Schedule Add/Edit Screen	381
AAA	385
15.1 Configuring Active Directory or LDAP Default Server Settings	385
15.2 Active Directory or LDAP Group Summary Screen	386
15.2.1 Creating an Active Directory or LDAP Group	388
15.3 Configuring a Default RADIUS Server	390
15.3.1 Configuring a Group of RADIUS Servers	391
15.3.2 Adding a RADIUS Server Member	392
15.4 Viewing Authentication Method Objects	393
15.5 Creating an Authentication Method Object	394
15.6 The My Certificates Screen	396
15.7 ISP Account Summary	397
15.7.1 ISP Account Edit	398
15.8 The SSL Application Screen	400
15.8.1 Creating/Editing a Web-based SSL Application Object	401
15.8.2 Creating/Editing a File Sharing SSL Application Object	403
Maintenance	405
16.1 Edit Remote Server Log Settings	405
Configuration, Firmware and Licence Management	407
Configuration Management	409
17.1 Synchronization (Device)	409
17.2 Synchronization (Folder)	411
17.3 Configuration File Management	412
17.3.1 Backup & Restore (Device)	413
17.3.2 Backup a Device	414
17.3.3 Backup & Restore (Folder)	415
17.3.4 Group Backup (Folder)	416
17.3.5 Group Restore (Folder)	418
17.4 Schedule List (Device)	419
17.5 Schedule List (Folder)	420
17.5.1 Add/Edit Schedule List (Folder)	421
17.6 Signature Profile Management	423
17.6.1 Signature Profile Backup & Restore (Device)	423
17.6.2 Signature Profile Backup & Restore (Folder)	425
17.6.3 Signature Profile Restore (Folder)	427
17.6.4 Restore to Device	429
17.6.5 Signature Profile Backup (Device)	430
17.6.6 Reset to Factory	431
17.7 Configuration Building Block	431
17.8 Add/Edit a Configuration BB	433
17.8.1 Create a Schedule Configuration BB (ZLD)	436
17.8.2 Create a User Configuration BB (ZLD)	437
17.8.3 Create an Address Configuration BB (ZLD)	439
17.8.4 Create a Service Configuration BB (ZLD)	440
17.9 Component BB	441
17.10 Add/Edit/Save as a Component BB	443
17.11 ZLD Firewall Rule Group Configuration	443
17.12 Add/Edit a Firewall Rule Group	444
Firmware Management	449
18.1 Firmware List	449
18.1.1 Add Firmware	450
18.2 Scheduler List	451
18.3 Firmware Upgrade	451
18.3.1 Firmware Upgrade (Folder)	452
18.3.2 Firmware Upgrade (Device)	453
18.3.3 Firmware Upgrade (Device) > Upgrade	453
License Management	457
19.1 Service Activation	457
19.1.1 Registration	457
19.1.2 Service	460
19.2 License Status	462
19.2.1 Activate/Upgrade License	465
19.3 License Status (Folder)	466
19.4 Signature Status (Device)	469
19.5 Signature Status (Folder)	471
VPN Management	473
VPN Community	475
20.1 VPN Community	475
20.1.1 Add/Edit a VPN Community	476
Installation Report	483
21.1 Installation Report	483
21.1.1 Show Detailed Installation Reportl	484
VPN Monitor	485
22.1 Monitor VPN by Community	485
22.1.1 Show Detailed VPN Community	486
22.1.2 VPN Tunnel Diagnostics	487
22.2 Monitor VPN by Device	489
22.2.1 VPN Tunnel Status	489
22.2.2 Search VPN Tunnels	490
22.2.3 SA Monitor	491
Monitor	493
Device Status Monitor	495
23.1 Device Status	495
3G Monitor	497
24.1 Summary	498
24.1.1 Show Detail	500
24.2 Availability Report	509
24.3 Radio Report	513
24.4 Traffic Report	518
24.5 Alert Report	519
24.6 Monitor Setting	523
24.6.1 Notification Setting	523
24.6.2 Notification	524
24.6.3 Monitor Interval	526
Device HA Status Monitor	527
25.1 Device HA Status	527
Device Alarm	529
26.1 Device Alarm Introduction	529
26.1.1 Alarm Severity	529
26.1.2 Unresolved Alarms	529
26.1.3 Responded Alarm	532
Log & Report	535
Device Operation Report	537
27.1 Firmware Upgrade Report	537
27.1.1 Firmware Report Details	538
27.2 Configuration Report	540
27.2.1 Configuration Report Details	542
27.3 Configuration File Backup Report	543
27.3.1 Configuration File Backup Report Details	545
27.4 Configuration File Restore Report	546
27.5 Signature Profile Backup Report	548
27.6 Signature Profile Restore Report	549
CNM Logs	553
28.1 Vantage CNM Logs	553
28.1.1 CNM Logs	553
VRPT	555
29.1 Vantage Report Overview	555
29.2 Vantage Report in Vantage CNM	556
29.3 Setting Up Vantage Report in Vantage CNM	556
29.4 Opening Vantage Report in Vantage CNM	557
CNM System Setting	559
CNM System Setting	561
30.1 Servers Configuration	561
30.1.1 Vantage CNM Server Public IP Address	563
30.2 Servers Status	564
30.3 User Access	565
30.4 Notifications	566
30.4.1 Notifications Settings	567
30.5 Log Setting	569
30.6 VRPT Management	571
30.6.1 Add/Edit VRPT Management	573
30.7 Certificate Management Overview	574
30.7.1 Advantages of Certificates	575
30.7.2 Current Certificate Information	576
30.7.3 Create CSR	577
30.7.4 Import Certificate	578
Maintenance	581
31.1 System Maintenance	581
31.1.1 Backup	582
31.2 Device Maintenance	583
Device Owner	585
32.1 Device Owner	585
32.1.1 Add/Edit a Device Owner	586
Vantage CNM Software Upgrade	587
33.1 CNM Software Upgrade	587
License	589
34.1 CNM Licence	589
34.1.1 License Upgrade	590
About CNM	591
35.1 About CNM	591
Account Management	593
User Group	595
36.1 Group	595
36.1.1 Add User Group	596
Account	599
37.1 “Root” Administrator	599
37.2 “Super” Administrators	599
37.3 Account	600
37.3.1 Add/Edit an Administrator Account	601
Troubleshooting	603
Troubleshooting	605
38.1 Vantage CNM Access and Login	605
38.2 Device Management	606
38.3 Device Firmware Management	606
38.4 Vantage Report	607
Appendices and Index	609
Product Specifications	611
Setting up Your Computer’s IP Address	617
Pop-up Windows, Java Scripts and Java Permissions	635
IP Addresses and Subnetting	643
IP Address Assignment Conflicts	653
Common Services	657
Importing Certificates	661
Open Software Announcements	667
Legal Information	695

Match case Limit results 1 per page

Chapter 6 Device Security Settings

Vantage CNM User’s Guide

179

to be taken when a packet or stream matches a signature. The following figure

and table describes these actions. Note that in addition to these actions, a log may

be generated or an alert sent, if those check boxes are selected and the signature

is enabled.

Figure 71

Device Operation > Device Configuration > Security > IDP > Signature >

Actions

The following table describes signature actions.

6.9.4

Configuring IDP Signatures

Use this screen to see the device’s “group view” signature screen where you can

view signatures by attack type. To search for signatures based on other criteria

such as signature name or ID, then click the

Switch to query view

link to go to

the “query view” screen.

You can take actions on these signatures as described in

Section 6.9.3 on page

178

. To revert to the default actions or to save sets of actions, go to the

Device

Table 64

Device Operation > Device Configuration > Security > IDP > Signature >

Actions

ACTION

DESCRIPTION

No Action

The intrusion is detected but no action is taken.

Drop Packet

The packet is silently discarded.

Drop Session

When the firewall is enabled, subsequent TCP/IP packets belonging

to the same connection are dropped. Neither sender nor receiver are

sent TCP RST packets. If the firewall is not enabled only the packet

that matched the signature is dropped.

Reset Sender

When the firewall is enabled, the TCP/IP connection is silently torn

down. Just the sender is sent TCP RST packets. If the firewall is not

enabled only the packet that matched the signature is dropped.

Reset Receiver

When the firewall is enabled, the TCP/IP connection is silently torn

down. Just the receiver is sent TCP RST packets. If the firewall is not

enabled only the packet that matched the signature is dropped.

Reset Both

When the firewall is enabled, the TCP/IP connection is silently torn

down. Both sender and receiver are sent TCP RST packets. If the

firewall is not enabled only the packet that matched the signature is

dropped.