Chapter 13 Security Policy
USG FLEX H Series User’s Guide
13.4.2 The DoS Prevention Profile Screen
Create new DoS prevention profiles in the Security Policy > DoS Prevention > Profile screens.
When creating DoS prevention profiles, you may find that certain policies are triggering too many false
positives or false negatives. A false positive is when valid traffic is flagged as an attack. A false negative
is when invalid traffic is wrongly allowed to pass through the Zyxel Device. As each network is different,
false positives and false negatives are common on initial DoS prevention deployment.
To counter this, you could create a ‘monitor profile’ that creates logs but has all actions disabled.
Observe the logs over time and try to eliminate the causes of the false alarms. When you’re satisfied that
they have been reduced to an acceptable level, you could then create an ‘in-line profile’ whereby you
configure appropriate actions to be taken when a packet matches a policy.
DoS prevention profiles consist of traffic anomaly profiles. To create a new profile, click Add. Type a new
profile name, enable or disable individual policies and then edit the default log options and actions.
Click Security Policy > DoS Prevention > Profile to view the following screen.
Table 99 Security Policy > DoS Prevention > DoS Prevention Policy

| LABEL | DESCRIPTION |
| --- | --- |
| From | This is the direction of travel of packets to which an anomaly profile is bound. Traffic direction is defined by the zone the traffic is coming from. Use the From field to specify the zone from which the traffic is coming. Select ZyWALL to specify traffic coming from the Zyxel Device itself. From LAN means packets traveling from a computer on one LAN subnet to a computer on another subnet via the Zyxel Device’s LAN1 zone interfaces. The Zyxel Device does not check packets traveling from a LAN computer to another LAN computer on the same subnet. From WAN means packets that come in from the WAN zone and the Zyxel Device routes back out through the WAN zone. Note: Depending on your network topology and traffic load, applying every packet direction to an anomaly profile may affect the Zyxel Device’s performance. |
| Anomaly Profile | An anomaly profile is a set of anomaly policies with configured activation, log and action settings. This field shows which anomaly profile is bound to which traffic direction. Select an ADP profile to apply to the entry’s traffic direction. Configure the ADP profiles in the ADP profile screens. |