Chapter 30 IDP
ZyWALL USG 50 User’s Guide
30.2 The IDP General Screen

Click Configuration > Anti-X > IDP > General to open this screen. Use this screen to turn IDP on or off, bind IDP profiles to traffic directions, and view registration and signature information.

Note: You must register in order to use packet inspection signatures. See the Registration screens.

If you try to enable IDP when the IDP service has not yet been registered, a warning screen displays and IDP is not enabled.

Figure 288 Configuration > Anti-X > IDP > General
The following table describes the fields in this screen.
Table 142 Configuration > Anti-X > IDP > General
LABEL | DESCRIPTION
General Settings
Enable Signature Detection | You must register for IDP service in order to use packet inspection signatures. If you don’t have a standard license, you can register for a once-off trial one.
Policies | Use this list to specify which IDP profile the ZyWALL uses for traffic flowing in a specific direction. Edit the policies directly in the table.
Add | Click this to create a new entry. Select an entry and click Add to create a new entry after the selected entry.
Edit | Select an entry and click this to be able to modify it.
Remove | Select an entry and click this to delete it.
Activate | To turn on an entry, select it and click Activate.
Inactivate | To turn off an entry, select it and click Inactivate.
Move | To change an entry’s position in the numbered list, select it and click Move to display a field to type a number for where you want to put that entry and press [ENTER] to move the entry to the number that you typed.
# | This is the entry’s index number in the list.
Priority | IDP policies are applied in order of priority.
Status | The activate (light bulb) icon is lit when the entry is active and dimmed when the entry is inactive.
From, To | This is the direction of travel of packets to which an IDP profile is bound. Traffic direction is defined by the zone the traffic is coming from and the zone the traffic is going to. Note: Depending on your network topology and traffic load, binding every packet direction to an IDP profile may affect the ZyWALL’s performance. Use the From field to specify the zone from which the traffic is coming. Use the To field to specify the zone to which the traffic is going. From LAN1 To LAN1 means packets traveling from a computer on one LAN1 subnet to a computer on another LAN subnet via the ZyWALL’s LAN1 zone interfaces. The ZyWALL does not check packets traveling from a LAN1 computer to another LAN1 computer on the same subnet. From WAN To WAN means packets that come in from the WAN zone and the ZyWALL routes back out through the WAN zone.
IDP Profile | This field shows which IDP profile is bound to which traffic direction. Select an IDP profile to apply to the entry’s traffic direction. Configure the IDP profiles in the IDP profile screens.
License | You need to create an account at myZyXEL.com, register your ZyWALL and then subscribe for IDP in order to be able to download new packet inspection signatures from myZyXEL.com. There’s an initial free trial period for IDP after which you must pay to subscribe to the service. See the Registration chapter for details.
License Status | Licensed, Not Licensed or Expired indicates whether you have subscribed for IDP services or not or your registration has expired.
License Type | This field shows Trial, Standard or None depending on whether you subscribed to the IDP trial, bought an iCard for IDP service or neither.
Table 142 Configuration > Anti-X > IDP > General (continued)
LABEL | DESCRIPTION
Apply new Registration | This link appears if you have not registered for the service or only have the trial registration. Click this link to go to the screen where you can register for the service.
Signature Information | The following fields display information on the current signature set that the ZyWALL is using.
Current Version | This field displays the IDP signature set version number. This number gets larger as the set is enhanced.
Signature Number | This field displays the number of IDP signatures in this set. This number usually gets larger as the set is enhanced. Older signatures and rules may be removed if they are no longer applicable or have been supplanted by newer ones.
Released Date | This field displays the date and time the set was released.
Update Signatures | Click this link to go to the screen you can use to download signatures from the update server.
Apply | Click Apply to save your changes.
Reset | Click Reset to return the screen to its last-saved settings.

30.3 Introducing IDP Profiles

An IDP profile is a set of packet inspection signatures.

Packet inspection signatures examine packet content for malicious data. Packet inspection applies to OSI (Open System Interconnection) layer-4 to layer-7 contents. You need to subscribe for IDP service in order to be able to download new signatures.

In general, packet inspection signatures are created for known attacks while anomaly detection looks for abnormal behavior (see Section 31.1 on page 513 for information on anomaly detection).
30.3.1 Base Profiles

The ZyWALL comes with several base profiles. You use base profiles to create new profiles. In the Configuration > Anti-X > IDP > Profile screen, click Add to display the following screen.

Figure 289 Base Profiles

The following table describes this screen.
Table 143 Base Profiles
BASE PROFILE | DESCRIPTION
none | All signatures are disabled. No logs are generated and no actions are taken.
all | All signatures are enabled. Signatures with a high or severe severity level (greater than three) generate log alerts and cause packets that trigger them to be dropped. Signatures with a very low, low or medium severity level (less than or equal to three) generate logs (not log alerts) and no action is taken on packets that trigger them.
wan | Signatures for all services are enabled. Signatures with a medium, high or severe severity level (greater than two) generate logs (not log alerts) and no action is taken on packets that trigger them. Signatures with a very low or low severity level (less than or equal to two) are disabled.
lan | This profile is most suitable for common LAN network services. Signatures for common services such as DNS, FTP, HTTP, ICMP, IM, IMAP, MISC, NETBIOS, P2P, POP3, RPC, RSERVICE, SMTP, SNMP, SQL, TELNET, TFTP, MySQL are enabled. Signatures with a high or severe severity level (greater than three) generate logs (not log alerts) and cause packets that trigger them to be dropped. Signatures with a low or medium severity level (two or three) generate logs (not log alerts) and no action is taken on packets that trigger them. Signatures with a very low severity level (one) are disabled.
Table 143 Base Profiles (continued)
BASE PROFILE | DESCRIPTION
dmz | This profile is most suitable for networks containing your servers. Signatures for common services such as DNS, FTP, HTTP, ICMP, IMAP, MISC, NETBIOS, POP3, RPC, RSERVICE, SMTP, SNMP, SQL, TELNET, Oracle, MySQL are enabled. Signatures with a high or severe severity level (greater than three) generate log alerts and cause packets that trigger them to be dropped. Signatures with a low or medium severity level (two or three) generate logs (not log alerts) and no action is taken on packets that trigger them. Signatures with a very low severity level (one) are disabled.
OK | Click OK to save your changes.
Cancel | Click Cancel to exit this screen without saving your changes.

30.4 The Profile Summary Screen

Select Anti-X > IDP > Profile. Use this screen to:
- Add a new profile
- Edit an existing profile
- Delete an existing profile.

Click a column’s heading cell to sort the table entries by that column’s criteria. Click the heading cell again to reverse the sort order.

Figure 290 Configuration > Anti-X > IDP > Profile

The following table describes the fields in this screen.

Table 144 Configuration > Anti-X > IDP > Profile
LABEL | DESCRIPTION
Add | Click this to create a new entry.
Edit | Select an entry and click this to be able to modify it.
Remove | Select an entry and click this to delete it.
# | This is the entry’s index number in the list.
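
Added example (not from the ZyXEL guide): a Python model of the Table 143 base profiles and a From/To policy list, showing which traffic directions drop, only log, or never inspect a severe HTTP signature. It assumes profiles are unmodified copies of a base profile, treats the listed services as the complete set, and assumes the first active matching policy applies; the DMZ zone name and the sample policies are constructed.

```python
# Added example: models Table 143's base profiles and the From/To policy list.
# Assumptions: profiles are unmodified copies of their base profile, the listed
# services are the complete set, and the first active matching policy wins.
COMMON = {"DNS", "FTP", "HTTP", "ICMP", "IMAP", "MISC", "NETBIOS", "POP3", "RPC",
          "RSERVICE", "SMTP", "SNMP", "SQL", "TELNET", "MySQL"}
# name: (enabled services or None for all, lowest enabled severity,
#        lowest severity that is dropped or None, dropped packets raise a log alert)
BASE_PROFILES = {
    "none": (set(), None, None, False),
    "all": (None, 1, 4, True),
    "wan": (None, 3, None, False),
    "lan": (COMMON | {"IM", "P2P", "TFTP"}, 2, 4, False),
    "dmz": (COMMON | {"Oracle"}, 2, 4, True),
}

def evaluate(profile, service, severity):
    """Return (logging, action) for a signature of this service and severity (1-5)."""
    services, enable_from, drop_from, alert = BASE_PROFILES[profile]
    if enable_from is None or severity < enable_from:
        return ("disabled", "none")
    if services is not None and service not in services:
        return ("disabled", "none")
    if drop_from is not None and severity >= drop_from:
        return ("log alert" if alert else "log", "drop")
    return ("log", "none")

def bound_profile(policies, src, dst):
    """First active policy, in priority order, bound to the src -> dst direction."""
    for pol in policies:
        if pol["active"] and (pol["from"], pol["to"]) == (src, dst):
            return pol["profile"]
    return None

def audit(policies, directions, service, severity=5):
    """Map each direction to its outcome; 'unbound' means no IDP inspection at all."""
    report = {}
    for src, dst in directions:
        profile = bound_profile(policies, src, dst)
        report[(src, dst)] = "unbound" if profile is None else evaluate(profile, service, severity)
    return report

# Constructed sample policy list (not from the manual), in priority order.
POLICIES = [
    {"active": True, "from": "WAN", "to": "DMZ", "profile": "dmz"},
    {"active": True, "from": "WAN", "to": "LAN1", "profile": "wan"},
    {"active": False, "from": "LAN1", "to": "WAN", "profile": "lan"},
]

if __name__ == "__main__":
    dirs = [("WAN", "DMZ"), ("WAN", "LAN1"), ("LAN1", "WAN")]
    for direction, outcome in audit(POLICIES, dirs, "HTTP").items():
        print(direction, outcome)
```

In the sample, the WAN to LAN1 binding uses the wan base profile, so even a severe signature is only logged, and the inactivated LAN1 to WAN entry leaves that direction uninspected.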
