ZyXEL Vantage CNM User Guide - Page 179
Configuring IDP Signatures
View all ZyXEL Vantage CNM manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 179 highlights
Chapter 6 Device Security Settings to be taken when a packet or stream matches a signature. The following figure and table describes these actions. Note that in addition to these actions, a log may be generated or an alert sent, if those check boxes are selected and the signature is enabled. Figure 71 Device Operation > Device Configuration > Security > IDP > Signature > Actions The following table describes signature actions. Table 64 Device Operation > Device Configuration > Security > IDP > Signature > Actions ACTION DESCRIPTION No Action The intrusion is detected but no action is taken. Drop Packet The packet is silently discarded. Drop Session When the firewall is enabled, subsequent TCP/IP packets belonging to the same connection are dropped. Neither sender nor receiver are sent TCP RST packets. If the firewall is not enabled only the packet that matched the signature is dropped. Reset Sender When the firewall is enabled, the TCP/IP connection is silently torn down. Just the sender is sent TCP RST packets. If the firewall is not enabled only the packet that matched the signature is dropped. Reset Receiver When the firewall is enabled, the TCP/IP connection is silently torn down. Just the receiver is sent TCP RST packets. If the firewall is not enabled only the packet that matched the signature is dropped. Reset Both When the firewall is enabled, the TCP/IP connection is silently torn down. Both sender and receiver are sent TCP RST packets. If the firewall is not enabled only the packet that matched the signature is dropped. 6.9.4 Configuring IDP Signatures Use this screen to see the device's "group view" signature screen where you can view signatures by attack type. To search for signatures based on other criteria such as signature name or ID, then click the Switch to query view link to go to the "query view" screen. You can take actions on these signatures as described in Section 6.9.3 on page 178. To revert to the default actions or to save sets of actions, go to the Device Vantage CNM User's Guide 179