ZyXEL Communications 1000 User Manual

ZyWALL USG 1000 User’s Guide
Chapter 34: IDP
34.1  Overview
This chapter introduces packet inspection IDP (Intrusion Detection and 
Prevention), IDP profiles, binding an IDP profile to a traffic flow, custom 
signatures, and updating signatures. An IDP system can detect malicious or 
suspicious packets and respond instantaneously. IDP on the ZyWALL protects 
against network-based intrusions.
34.1.1  What You Can Do in this Chapter
• Use the Anti-X > IDP > General screen to turn IDP on or off, bind IDP 
profiles to traffic directions, and view registration and signature 
information. Click the Add or Edit icon in this screen to bind an IDP profile 
to a traffic direction.
• Use the Anti-X > IDP > Profile screen to add a new profile, edit an existing 
profile or delete an existing profile.
• Use the Anti-X > IDP > Custom Signature screens to create a new signature, 
edit an existing signature, delete existing signatures or save signatures to 
your computer.
34.1.2  What You Need To Know
Packet Inspection Signatures
A signature identifies a malicious or suspicious packet and specifies an action to be 
taken. You can change the action in the profile screens. Packet inspection 
signatures examine OSI (Open System Interconnection) layer-4 to layer-7 packet 
contents for malicious data. Generally, packet inspection signatures are created 
for known attacks while anomaly detection looks for abnormal behavior.
Zone
A zone is a combination of ZyWALL interfaces and VPN connections used for 
configuring security. See the zone chapter for details on zones and the interfaces 
chapter for details on interfaces.
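
The following sketch is an added illustration, not ZyXEL code and not how the ZyWALL is implemented. It models the relationships described above: a zone groups interfaces, a profile is bound to a traffic direction, and the profile can change a signature's action. All signature IDs, names, patterns, action labels and interface names are constructed for the example, and content matching is reduced to a plain substring test.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Signature:
    sid: int          # constructed ID, not a real ZyXEL signature ID
    name: str
    proto: str        # layer-4 protocol
    dport: int        # layer-4 destination port
    pattern: bytes    # layer-7 content the signature looks for
    action: str       # default action (labels here are assumptions)

@dataclass
class Profile:
    signatures: list
    overrides: dict = field(default_factory=dict)   # sid -> action

    def action_for(self, sig):
        # The profile may change a signature's action.
        return self.overrides.get(sig.sid, sig.action)

# Constructed sample configuration.
ZONES = {"WAN": {"ge2", "ge3"}, "LAN": {"ge1"}, "DMZ": {"ge4"}}
SIGS = [
    Signature(9001, "http-path-traversal", "tcp", 80, b"../../", "drop"),
    Signature(9002, "http-cmd-exe", "tcp", 80, b"cmd.exe", "log"),
]
PROFILES = {
    "dmz-web": Profile(SIGS, {9002: "drop"}),
    "lan-audit": Profile(SIGS, {9001: "log"}),
}
BINDINGS = {("WAN", "DMZ"): "dmz-web", ("WAN", "LAN"): "lan-audit"}

def zone_of(iface):
    """Map an interface to the zone that contains it."""
    return next((z for z, members in ZONES.items() if iface in members), None)

def inspect(in_if, out_if, proto, dport, payload):
    """Return (action, signature name); ('pass', None) when nothing applies."""
    bound = BINDINGS.get((zone_of(in_if), zone_of(out_if)))
    if bound is None:
        return ("pass", None)   # assumption: unbound directions are not inspected
    profile = PROFILES[bound]
    for sig in profile.signatures:
        if (sig.proto, sig.dport) == (proto, dport) and sig.pattern in payload:
            return (profile.action_for(sig), sig.name)
    return ("pass", None)
```

The same packet content yields different actions depending on which profile is bound to the direction it travels in, which is why the binding and the per-profile action need to be reviewed together.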