ZyXEL ZyWALL ATP700 User Guide - Page 524
Anomaly Detection and Prevention Overview
Chapter 24 Security Policy

Table 199 Configuration > Security Policy > Policy Control > Add (continued)

| LABEL | DESCRIPTION |
| --- | --- |
| User | This field is not available when you are configuring a to-Zyxel Device policy. Select a user name or user group to which to apply the policy. The Security Policy is activated only when the specified user logs into the system and the policy will be disabled when the user logs out. Otherwise, select any and there is no need for user logging. Note: If you specified a source IP address (group) instead of any in the field below, the user's IP address should be within the IP address range. |
| Schedule | Select a schedule that defines when the policy applies. Otherwise, select none and the policy is always effective. |
| Action | Use the drop-down list box to select what the Security Policy is to do with packets that match this policy. Select deny to silently discard the packets without sending a TCP reset packet or an ICMP destination-unreachable message to the sender. Select reject to discard the packets and send a TCP reset packet or an ICMP destination-unreachable message to the sender. Select allow to permit the passage of the packets. |
| Log matched traffic | Select whether to have the Zyxel Device generate a log (log), log and alert (log alert) or not (no) when the policy is matched to the criteria listed above. |
| Profile | Use this section to apply anti-x profiles (created in the Configuration > Security Service screens) to traffic that matches the criteria above. You must have created a profile first; otherwise none displays. Use Log to generate a log (log), log and alert (log alert) or not (no) for all traffic that matches criteria in the profile. |
| Application Patrol | Select an Application Patrol profile from the list box; none displays if no profiles have been created in the Configuration > Security Service > App Patrol screen. |
| Content Filter | Select a Content Filter profile from the list box; none displays if no profiles have been created in the Configuration > Security Service > Content Filter screen. |
| SSL Inspection | Select an SSL Inspection profile from the list box; none displays if no profiles have been created in the Configuration > Security Service > SSL Inspection screen. |
| OK | Click OK to save your customized settings and exit this screen. |
| Cancel | Click Cancel to exit this screen without saving. |

24.5 Anomaly Detection and Prevention Overview

Anomaly Detection and Prevention (ADP) protects against anomalies based on violations of protocol standards (RFCs - Requests for Comments) and abnormal flows such as port scans. This section introduces ADP, anomaly profiles and applying an ADP profile to a traffic direction.

Traffic Anomalies

Traffic anomaly policies look for abnormal behavior or events such as port scanning, sweeping or network flooding. They operate at OSI layer-2 and layer-3. Traffic anomaly policies may be updated when you upload new firmware.

ZyWALL ATP Series User's Guide 524
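To confirm which Action from Table 199 a policy actually applies, a test client can classify the outcome of a single TCP connection attempt: a completed handshake indicates allow, a TCP reset or ICMP destination-unreachable indicates reject, and silence until timeout indicates deny. This is an added example, not part of the Zyxel guide; the function names, the 3-second timeout and the documentation address 192.0.2.10 are assumptions.

```python
import errno
import socket

# An ICMP destination-unreachable reply surfaces to connect() as one of these errnos.
ICMP_UNREACHABLE = {errno.EHOSTUNREACH, errno.ENETUNREACH}


def classify(exc):
    """Map the result of a connect() attempt to the policy action it suggests.

    exc is None when the handshake completed, otherwise the exception raised.
    """
    if exc is None:
        return "allow"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "deny"      # no reset, no ICMP: packets were silently discarded
    if isinstance(exc, ConnectionRefusedError):
        return "reject"    # TCP reset received
    if isinstance(exc, OSError) and exc.errno in ICMP_UNREACHABLE:
        return "reject"    # ICMP destination-unreachable received
    return "unknown"       # e.g. name resolution or local permission errors


def probe(host, port, timeout=3.0):
    """Attempt one TCP connection and return (verdict, detail)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "allow", "handshake completed"
    except OSError as exc:
        return classify(exc), str(exc)


if __name__ == "__main__":
    # Constructed target: 192.0.2.10 is a documentation address (RFC 5737).
    # Replace it with a host behind the policy that has a listener on the port;
    # without a listener the host itself answers with a reset, which would be
    # indistinguishable from a reject policy.
    verdict, detail = probe("192.0.2.10", 443)
    print(verdict, detail)
```

A timeout can also be caused by packet loss or an offline host, so compare the verdict with the device log produced when Log matched traffic is set to log for that policy.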