ZyXEL Communications 1000 User Manual

Chapter 34 IDP

ZyWALL USG 1000 User’s Guide

You may want to create a new profile if not all signatures in a base profile are 
applicable to your network. In this case you should disable non-applicable 
signatures so as to improve ZyWALL IDP processing efficiency.

You may also find that certain signatures are triggering too many false positives or 
false negatives. A false positive is when valid traffic is flagged as an attack. A false 
negative is when invalid traffic is wrongly allowed to pass through the ZyWALL. As 
each network is different, false positives and false negatives are common on initial 
IDP deployment.

You could create a new ‘monitor profile’ that creates logs but all actions are 
disabled. Observe the logs over time and try to eliminate the causes of the false 
alarms. When you’re satisfied that they have been reduced to an acceptable level, 
you could then create an ‘inline profile’ whereby you configure appropriate actions 
to be taken when a packet matches a signature.

To create a new profile:

Click the Add icon in the Configuration > Anti-X > IDP > Profile screen to 
display a pop-up screen allowing you to choose a base profile.

Select a base profile (see 

) and then click OK to go to the 

profile details screen.

Note: If Internet Explorer opens a warning screen about a script making Internet 

Explorer run slowly and the computer maybe becoming unresponsive, just click 
No to continue.

Type a new profile name

Enable or disable individual signatures.

Edit the default log options and actions.

Name

This is the name of the profile you created. 

Base Profile

This is the base profile from which the profile was created.

Table 152   Configuration > Anti-X > IDP > Profile (continued)