ZyXEL Communications 100 Series User Manual
Chapter 29 IDP
ZyWALL USG 100/200 Series User’s Guide
508
29.8.3 Applying Custom Signatures
After you create your custom signature, it becomes available in the IDP service group category
in the IDP > Profile > Packet Inspection screen. Custom signatures have an SID from
9000000 to 9999999.
in the IDP > Profile > Packet Inspection screen. Custom signatures have an SID from
9000000 to 9999999.
You can activate the signature, configure what action to take when a packet matches it and if it
should generate a log or alert in a profile. Then bind the profile to a zone.
should generate a log or alert in a profile. Then bind the profile to a zone.
Figure 394 Example: Custom Signature in IDP Profile
29.8.4 Verifying Custom Signatures
You should configure the signature to create a log when an ‘attack packet’ matches the
signature. (You may also want to configure an alert if the attack is more serious and needs
more immediate attention.) After you apply the signature to a zone, you can see if it works by
checking the logs (Maintenance > Logs > View Log).
signature. (You may also want to configure an alert if the attack is more serious and needs
more immediate attention.) After you apply the signature to a zone, you can see if it works by
checking the logs (Maintenance > Logs > View Log).
All IDP signatures come under the IDP category. The Priority column shows warn for
signatures that are configured to generate a log only. It shows critical for signatures that are
configured to generate a log and alert. count is the number of attacks that occurred at that
time. The Note column displays ACCESS FORWARD when no action is configured for the
signature. It displays ACCESS DENIED if you configure the signature action to drop the
packet. The destination port is the service port (NetBIOS in this case) that the attack tries to
exploit.
signatures that are configured to generate a log only. It shows critical for signatures that are
configured to generate a log and alert. count is the number of attacks that occurred at that
time. The Note column displays ACCESS FORWARD when no action is configured for the
signature. It displays ACCESS DENIED if you configure the signature action to drop the
packet. The destination port is the service port (NetBIOS in this case) that the attack tries to
exploit.