ZyXEL Communications 1000 ユーザーズマニュアル
Chapter 35 ADP
ZyWALL USG 1000 User’s Guide
602
The following table describes the fields in this screen.
35.3.3 Creating New ADP Profiles
You may want to create a new profile if not all rules in a base profile are applicable
to your network. In this case you should disable non-applicable rules so as to
improve ZyWALL ADP processing efficiency.
to your network. In this case you should disable non-applicable rules so as to
improve ZyWALL ADP processing efficiency.
You may also find that certain rules are triggering too many false positives or false
negatives. A false positive is when valid traffic is flagged as an attack. A false
negative is when invalid traffic is wrongly allowed to pass through the ZyWALL. As
each network is different, false positives and false negatives are common on initial
ADP deployment.
negatives. A false positive is when valid traffic is flagged as an attack. A false
negative is when invalid traffic is wrongly allowed to pass through the ZyWALL. As
each network is different, false positives and false negatives are common on initial
ADP deployment.
You could create a new ‘monitor profile’ that creates logs but all actions are
disabled. Observe the logs over time and try to eliminate the causes of the false
alarms. When you’re satisfied that they have been reduced to an acceptable level,
you could then create an ‘inline profile’ whereby you configure appropriate actions
to be taken when a packet matches a rule.
disabled. Observe the logs over time and try to eliminate the causes of the false
alarms. When you’re satisfied that they have been reduced to an acceptable level,
you could then create an ‘inline profile’ whereby you configure appropriate actions
to be taken when a packet matches a rule.
ADP profiles consist of traffic anomaly profiles and protocol anomaly profiles. To
create a new profile, select a base profile (see
create a new profile, select a base profile (see
click OK to go to the profile details screen. Type a new profile name, enable or
disable individual rules and then edit the default log options and actions.
disable individual rules and then edit the default log options and actions.
35.3.4 Traffic Anomaly Profiles
The traffic anomaly screen is the second screen in an ADP profile. Traffic anomaly
detection looks for abnormal behavior such as scan or flooding attempts. In the
Configuration > Anti-X > ADP > Profile screen, click the Edit icon or click the
Add icon and choose a base profile. If you made changes to other screens
detection looks for abnormal behavior such as scan or flooding attempts. In the
Configuration > Anti-X > ADP > Profile screen, click the Edit icon or click the
Add icon and choose a base profile. If you made changes to other screens
Table 163 Anti-X > ADP > Profile
LABEL
DESCRIPTION
Add
Click this to create a new entry.
Edit
Select an entry and click this to be able to modify it.
Remove
Select an entry and click this to delete it.
#
This is the entry’s index number in the list.
Name
This is the name of the profile you created.
Base Profile
This is the base profile from which the profile was created.