ZyXEL Communications ATP200 - Applying Custom Signatures

To Next Page

To Previous Page

Chapter 30 IDP

ZyWALL ATP Series User’s Guide

550

From the details about DNS query you see that the protocol is UDP and the port is 53. The type of DNS

packet is standard query and the Flag is 0x0100 with an offset of 2. Therefore enter |010| as the first

pattern.

The final custom signature should look like as shown in the following figure.

Figure 359 Example Custom Signature

30.3.3 Applying Custom Signatures

After you create your custom signature, it becomes available in an IDP profile (Configuration > Security

Service > IDP > Profile > Edit) screen. Custom signatures have an SID from 9000000 to 9999999.

Search for, then activate the signature, configure what action to take when a packet matches it and if

it should generate a log or alert in a profile. Then bind the profile to a zone.

Main Page

Document Conventions3
Contents Overview4
- Table of Contents4
Table of Contents6
Part I: User's Guide23
Chapter 1 Introduction24
- Introduction24
- Overview24
- Registration at Myzyxel24
  - Grace Period25
  - Applications25
- Management Overview28
- Web Configurator29
Chapter 2 Initial Setup Wizard47
- Initial Setup Wizard Screens47
Chapter 3 Hardware, Interfaces and Zones64
- Hardware Overview64
  - Front Panels64
  - Rear Panels65
- Mounting66
  - Rack-Mounting67
  - Wall-Mounting67
- Default Zones, Interfaces, and Ports68
- Stopping the Zyxel Device69
Chapter 4 Quick Setup Wizards70
- Quick Setup Overview70
- WAN Interface Quick Setup71
- VPN Setup Wizard77
- VPN Settings for Configuration Provisioning Wizard: Wizard Type89
- VPN Settings for L2TP VPN Settings Wizard99
- Quick Setup Wizards70
Chapter 5 Dashboard104
- Overview104
  - What You Can Do in this Chapter104
- The General Screen104
- The Advanced Threat Protection Screen112
- Dashboard104
Part II: Technical Reference113
Chapter 6 Monitor114
- Overview114
  - What You Can Do in this Chapter114
- The Port Statistics Screen116
  - The Port Statistics Graph Screen117
- Interface Status Screen118
- The Traffic Statistics Screen121
- The Session Monitor Screen124
- The Login Users Screen126
- IGMP Statistics127
- The DDNS Status Screen128
- IP/MAC Binding128
- Cellular Status Screen129
  - More Information132
- The Upnp Port Status Screen133
- USB Storage Screen134
- Ethernet Neighbor Screen135
- FQDN Object Screen136
- AP Information: AP List138
  - AP List: more Information140
  - AP List: Config AP143
- AP Information: Radio List145
  - Radio List: more Information147
- AP Information: Top N Aps148
- AP Information: Single AP150
- Zymesh151
- SSID Info152
- Station Info: Station List152
- Station Info: Top N Stations153
- Station Info: Single Station154
- Detected Device155
- The Ipsec Screen156
- The SSL Screen158
- The L2TP over Ipsec Screen158
- The Content Filter Screen159
- The App Patrol Screen161
- The Anti-Malware Screen162
- The IDP Screen164
- The Email Security Screens166
  - Email Security Summary166
  - The Email Security Status Screen168
- The Botnet Filter Screen170
- The Sandboxing Screen171
- The SSL Inspection Screens172
  - Certificate Cache List173
- Log Screens174
  - View Log174
  - View AP Log176
- Monitor114
Chapter 7 Licensing179
- Registration Overview179
- Signature Update182
- Licensing179
Chapter 8 Wireless184
- Overview184
  - What You Can Do in this Chapter184
- Controller Screen184
- AP Management Screens185
- MON Mode197
  - Add/Edit Rogue/Friendly List199
- Auto Healing200
- RTLS Overview200
- Technical Reference203
  - Dynamic Channel Selection203
  - Load Balancing204
- Wireless184
Chapter 9 Interfaces205
- Interface Overview205
- Port Role210
- Ethernet Summary Screen211
- PPP Interfaces233
  - PPP Interface Summary234
  - PPP Interface Add or Edit235
- Cellular Configuration Screen240
  - Cellular Choose Slot243
  - Add / Edit Cellular Configuration243
- Tunnel Interfaces249
  - Configuring a Tunnel251
  - Tunnel Add or Edit Screen252
- VLAN Interfaces256
  - VLAN Summary Screen257
  - VLAN Add/Edit258
- Bridge Interfaces269
  - Bridge Summary271
  - Bridge Add/Edit272
- Vti282
- Trunk Overview287
  - What You Need to Know287
- The Trunk Summary Screen290
  - Configuring a User-Defined Trunk291
  - Configuring the System Default Trunk293
- Interface Technical Reference295
Chapter 10 Routing299
- Policy and Static Routes Overview299
  - What You Can Do in this Chapter299
  - What You Need to Know300
- Policy Route Screen301
  - Policy Route Edit Screen303
- IP Static Route Screen308
  - Static Route Add/Edit Screen308
- Policy Routing Technical Reference310
- Routing Protocols Overview310
  - What You Need to Know311
- The RIP Screen311
- The OSPF Screen313
- BGP (Border Gateway Protocol)320
- Ddns326
- Routing299
Chapter 11 DDNS326
- DDNS Overview326
  - What You Can Do in this Chapter326
  - What You Need to Know326
- The DDNS Screen327
  - The Dynamic DNS Add/Edit Screen328
Chapter 12 NAT332
- NAT Overview332
  - What You Can Do in this Chapter332
  - What You Need to Know332
- The NAT Screen333
  - The NAT Add/Edit Screen335
- NAT Technical Reference338
- Nat332
Chapter 13 Redirect Service340
- Overview340
- The Redirect Service Screen343
  - The Redirect Service Edit Screen344
- Redirect Service340
- Alg346
Chapter 14 ALG346
- ALG Overview346
  - What You Need to Know346
  - Before You Begin349
- The ALG Screen349
- ALG Technical Reference351
Chapter 15 Upnp353
- Upnp and NAT-PMP Overview353
- What You Need to Know353
  - NAT Traversal353
  - Cautions with Upnp and NAT-PMP354
- Upnp Screen354
- Technical Reference355
- Upnp353
Chapter 16 IP/MAC Binding362
- IP/MAC Binding Overview362
  - What You Can Do in this Chapter362
  - What You Need to Know362
- IP/MAC Binding Summary363
  - IP/MAC Binding Edit364
  - Static DHCP Edit365
- IP/MAC Binding Exempt List366
- IP/MAC Binding362
Chapter 17 Layer 2 Isolation367
- Overview367
  - What You Can Do in this Chapter367
- Layer-2 Isolation General Screen367
- White List Screen368
  - Add/Edit White List Rule369
- Layer 2 Isolation367
Chapter 18 DNS Inbound LB371
- DNS Inbound Load Balancing Overview371
  - What You Can Do in this Chapter371
- The DNS Inbound LB Screen372
  - The DNS Inbound LB Add/Edit Screen373
  - The DNS Inbound LB Add/Edit Member Screen375
- DNS Inbound LB371
Chapter 19 Ipnp377
- Ipnp Overview377
  - What You Can Do in this Chapter377
- Ipnp Screen378
- Ipnp377
Chapter 20 Ipsec VPN379
- Virtual Private Networks (VPN) Overview379
- The VPN Connection Screen384
  - The VPN Connection Add/Edit Screen386
- The VPN Gateway Screen393
  - The VPN Gateway Add/Edit Screen394
- VPN Concentrator401
- Zyxel Device Ipsec VPN Client Configuration Provisioning403
- Ipsec VPN Background Information405
- Ipsec VPN379
Chapter 21 SSL VPN415
- Overview415
  - What You Can Do in this Chapter415
  - What You Need to Know415
- The SSL Access Privilege Screen416
  - The SSL Access Privilege Policy Add/Edit Screen417
- The SSL Global Setting Screen419
- Ssl Vpn415
Chapter 22 L2TP VPN421
- Overview421
  - What You Can Do in this Chapter421
  - What You Need to Know421
- L2TP VPN Screen422
  - Example: L2TP and Zyxel Device Behind a NAT Router424
- L2Tp Vpn421
Chapter 23 BWM (Bandwidth Management)426
- Overview426
  - What You Can Do in this Chapter426
  - What You Need to Know426
- The Bandwidth Management Configuration430
  - The Bandwidth Management Add/Edit Screen433
Chapter 24 Web Authentication441
- Web Auth Overview441
  - What You Can Do in this Chapter441
  - What You Need to Know442
- Web Authentication General Screen442
- SSO Overview458
- SSO - Zyxel Device Configuration460
- SSO Agent Configuration467
- Web Authentication441
Chapter 25 Security Policy470
- Overview470
- One Security471
- What You Can Do in this Chapter474
  - What You Need to Know474
- The Security Policy Screen476
  - Configuring the Security Policy Control Screen477
  - The Security Policy Control Add/Edit Screen481
- Anomaly Detection and Prevention Overview482
- The Session Control Screen491
  - The Session Control Add/Edit Screen492
- Security Policy Example Applications493
- Security Policy470
- Application Patrol496
Chapter 26 Application Patrol496
- Overview496
  - What You Can Do in this Chapter496
  - What You Need to Know496
- Application Patrol Profile497
Chapter 27 Content Filter505
- Overview505
- Content Filter Profile Screen507
- Content Filter Trusted Web Sites Screen520
- Content Filter Forbidden Web Sites Screen521
- Content Filter Technical Reference522
- Content Filter505
- Anti-Malware524
Chapter 28 Anti-Malware524
- Overview524
  - What You Can Do in this Chapter524
  - What You Need to Know525
- Anti-Malware Screen526
  - Anti-Malware Black List or White List Add/Edit529
- Anti-Malware Signature Searching530
- Anti-Malware Technical Reference531
- Botnet Filter533
Chapter 29 Botnet Filter533
- Overview533
  - What You Can Do in this Chapter533
- Botnet Filter Screen533
Chapter 30 IDP537
- Overview537
- The IDP Screen537
  - Query Example542
- IDP Custom Signatures543
- IDP Technical Reference551
- Idp537
Chapter 31 Sandboxing554
- Overview554
  - What You Can Do in this Chapter554
- Sandboxing Screen554
- Sandboxing554
Chapter 32 Email Security556
- Overview556
  - What You Can Do in this Chapter556
  - What You Need to Know556
- Before You Begin557
- The Email Security Screen558
- The Black List / White List Screen561
  - The Black or White List Add/Edit Screen562
  - Regular Expressions in Black or White List Entries563
- Email Security Technical Reference563
- Email Security556
Chapter 33 SSL Inspection567
- Overview567
- The SSL Inspection Profile Screen568
  - Apply to a Security Policy569
  - Add / Edit SSL Inspection Profiles572
- Exclude List Screen573
- Certificate Update Screen575
- Install a CA Certificate in a Browser576
- SSL Inspection567
Chapter 34 Object579
- Zones Overview579
  - What You Need to Know579
  - The Zone Screen580
- User/Group Overview582
- AP Profile Overview596
  - Radio Screen597
  - SSID Screen603
- Object579
- MON Profile612
- Zymesh Overview616
  - Zymesh Profile618
  - Add/Edit Zymesh Profile619
- Address/Geo IP Overview619
- Service Overview628
- Schedule Overview632
- AAA Server Overview638
- Auth. Method Overview647
- Certificate Overview653
- ISP Account Overview668
  - ISP Account Summary668
- Dhcpv6 Overview671
  - The Dhcpv6 Request Screen671
    - The Dhcpv6 Lease Screen673
Chapter 35 Device HA675
- Device HA Overview675
  - What You Can Do in These Screens675
- Device HA Status675
- Device HA Pro677
  - Deploying Device HA Pro678
  - Configuring Device HA Pro678
- View Log680
- Cloud CNM682
- Device HA675
Chapter 36 Cloud CNM682
- Cloud CNM Overview682
  - What You Can Do in this Chapter682
- Cloud CNM Secumanager682
- Cloud CNM Secureporter685
Chapter 37 System689
- Overview689
  - What You Can Do in this Chapter689
- Host Name690
- USB Storage690
- Date and Time691
  - Pre-Defined NTP Time Servers List694
  - Time Server Synchronization694
- Console Port Speed695
- DNS Overview696
- WWW Overview706
- Ssh723
- Telnet728
  - Configuring Telnet728
  - Service Control Rules730
- Ftp730
  - Configuring FTP730
  - Service Control Rules732
- Snmp732
- Authentication Server738
  - Add/Edit Trusted RADIUS Client740
- Notification > Mail Server740
- Notification > SMS742
- Language Screen743
- Ipv6 Screen743
- Zyxel One Network (ZON) Utility744
- System689
Chapter 38 Log and Report749
- Overview749
  - What You Can Do in this Chapter749
- Email Daily Report749
- Log Setting Screens751
- Log and Report749
Chapter 39 File Manager762
- Overview762
  - What You Can Do in this Chapter762
  - What You Need to Know762
- The Configuration File Screen764
- Firmware Management769
- The Shell Script Screen774
- File Manager762
Chapter 40 Diagnostics777
- Overview777
  - What You Can Do in this Chapter777
- The Diagnostics Screens777
- The Packet Capture Screen781
  - The Packet Capture Files Screen783
- The CPU / Memory Status Screen784
- The System Log Screen786
- The Remote Assistance Screen786
- The Network Tool Screen788
- The Routing Traces Screen790
- The Wireless Frame Capture Screen791
  - The Wireless Frame Capture Files Screen793
- Diagnostics777
Chapter 41 Packet Flow Explore794
- Overview794
  - What You Can Do in this Chapter794
- The Routing Status Screen794
- The SNAT Status Screen798
- Packet Flow Explore794
Chapter 42 Shutdown801
- Overview801
  - What You Need to Know801
- The Shutdown Screen801
- Shutdown801
Chapter 43 Troubleshooting802
- Resetting the Zyxel Device814
- Getting more Troubleshooting Help814
- Troubleshooting802
Appendix A Customer Support815
Appendix B Product Features821
Appendix C Legal Information825
Index833

ZyXEL Communications ATP200 - Applying Custom Signatures

Table of Contents

Other manuals for ZyXEL Communications ATP200

Related product manuals