ZyXEL Communications 200 Series User Manual

ZyWALL USG 100/200 Series User’s Guide
CHAPTER 30
ADP
30.1  Overview
This chapter introduces ADP (Anomaly Detection and Prevention), anomaly profiles and 
applying an ADP profile to a traffic direction. ADP protects against anomalies based on 
violations of protocol standards (RFCs – Requests for Comments) and abnormal flows such as 
port scans.
30.1.1  ADP and IDP Comparison
ADP anomaly detection is in general effective against abnormal behavior while IDP 
packet inspection signatures are in general effective for known attacks (see 
 for information on packet inspection).
ADP traffic and anomaly rules are updated when you upload new firmware. This is 
different from the IDP packet inspection signatures and the system protect signatures 
you download from myZyXEL.com.
30.1.2   What You Can Do Using the ADP Screens
• Use Anti-X > ADP > General (
) to turn anomaly detection on or 
off and apply anomaly profiles to traffic directions.
• Use Anti-X > ADP > Profile (
) to add a new profile, edit an 
existing profile or delete an existing profile.
30.1.3  What You Need To Know About ADP
Traffic Anomalies
Traffic anomaly rules look for abnormal behavior or events such as port scanning, sweeping or 
network flooding. They operate at OSI layer-2 and layer-3. Traffic anomaly rules may be 
updated when you upload new firmware.
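The port scan and sweep cases described above, as an added example (not ZyXEL's code and not the ZyWALL's actual rules): a sliding-window detector run over constructed connection records. The window length, the thresholds and all function names are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

# Assumed thresholds for illustration; the ZyWALL's real values are not given on this page.
WINDOW_SECONDS = 5.0
PORTSCAN_PORTS = 10   # distinct ports tried on one destination
SWEEP_HOSTS = 10      # distinct destinations tried on one port


def detect_traffic_anomalies(events, window=WINDOW_SECONDS,
                             port_limit=PORTSCAN_PORTS, host_limit=SWEEP_HOSTS):
    """Return a sorted list of (kind, source, target) alerts.

    events: iterable of (timestamp, src_ip, dst_ip, dst_port), ordered by time.
    """
    recent = defaultdict(deque)   # src -> (ts, dst, port) entries inside the window
    alerts = set()
    for ts, src, dst, port in events:
        q = recent[src]
        q.append((ts, dst, port))
        while q and ts - q[0][0] > window:   # expire entries older than the window
            q.popleft()
        ports_per_dst = defaultdict(set)
        dsts_per_port = defaultdict(set)
        for _, d, p in q:
            ports_per_dst[d].add(p)
            dsts_per_port[p].add(d)
        if len(ports_per_dst[dst]) >= port_limit:    # many ports, one host
            alerts.add(("portscan", src, dst))
        if len(dsts_per_port[port]) >= host_limit:   # one port, many hosts
            alerts.add(("sweep", src, f"port {port}"))
    return sorted(alerts)


def sample_events():
    """Constructed connection attempts using documentation address ranges."""
    events = []
    # 192.0.2.10 tries 12 ports on one host within 1.2 s -> port scan
    events += [(0.1 * i, "192.0.2.10", "198.51.100.5", 20 + i) for i in range(12)]
    # 192.0.2.20 tries port 22 on 12 hosts within 1.2 s -> sweep
    events += [(0.1 * i, "192.0.2.20", f"198.51.100.{i + 1}", 22) for i in range(12)]
    # 192.0.2.30 touches 12 ports on one host, but spread over 2 minutes -> no alert
    events += [(10.0 * i, "192.0.2.30", "198.51.100.9", 8000 + i) for i in range(12)]
    return sorted(events)


if __name__ == "__main__":
    for alert in detect_traffic_anomalies(sample_events()):
        print(alert)
```

The third source shows why the time window matters: the same number of ports spread over two minutes stays under the threshold, which is also how a slow scan evades a rule of this kind.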
Protocol Anomalies
Protocol anomalies are packets that do not comply with the relevant RFC (Request For 
Comments). Protocol anomaly detection includes HTTP Inspection, TCP Decoder, UDP 
Decoder and ICMP Decoder. Protocol anomaly rules may be updated when you upload new 
firmware.