
ZyXEL Communications USG FLEX H Series - Page 204

462 pages
Chapter 13 Security Policy
USG FLEX H Series User’s Guide
The following table describes the labels in this screen.
Table 101 Security Policy > DoS Prevention > Profile > Add/Edit
LABEL
DESCRIPTION

Name
A name is automatically generated that you can edit. The name must be the same in the DoS Prevention screens for the same DoS prevention profile. You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number. This value is case-sensitive.
These are valid, unique profile names:
• MyProfile
• mYProfile
• Mymy12_3-4
These are invalid profile names:
• 1mYProfile
• My Profile
• MyProfile?
• Whatalongprofilename123456789012

Description
In addition to the name, type additional information to help you identify this DoS prevention profile.

Scan/Flood Detection
Scan detection, such as port scanning, tries to find attacks where an attacker scans device(s) to determine what types of network protocols or services a device supports.
Flood detection tries to find attacks that saturate a network with useless data, use up all available bandwidth, and so aim to make communications on the network impossible.

Sensitivity (Scan detection only)
Select a sensitivity level so as to reduce false positives in your network.
If you choose low sensitivity, then scan thresholds and sample times are set low, so you will have fewer logs and false positives; however, some traffic anomaly attacks may not be detected.
If you choose high sensitivity, then scan thresholds and sample times are set high, so most traffic anomaly attacks will be detected; however, you will have more logs and false positives.

Block Period
Specify for how many seconds the Zyxel Device blocks all packets from being sent to the victim (destination) of a detected anomaly attack. Flood Detection applies blocking to the destination IP address and Scan Detection applies blocking to the source IP address.

Edit (Flood Detection only)
Select an entry and click this to be able to modify it.

Active
To turn on an entry, select it and click Activate.

Inactive
To turn off an entry, select it and click Inactivate.

Log
To edit an item’s log option, select it and use the Log icon. Select whether to have the Zyxel Device generate a log (log), log and alert (log alert) or neither (no) when traffic matches this anomaly policy.

Action
To edit what action the Zyxel Device takes when a packet matches a policy, select the policy and use the Action icon.
None: The Zyxel Device takes no action when a packet matches the policy.
Block: The Zyxel Device silently drops packets that match the policy. Neither sender nor receiver is notified.

Status
The activate (light bulb) icon is lit when the entry is active and dimmed when the entry is inactive.

Name
This is the name of the anomaly policy. Click the Name column heading to sort in ascending or descending order according to the protocol anomaly policy name.
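
The Block Period row keys the block on a different address for each detection type. The sketch below models that difference; it is an added example, not Zyxel code and not part of the original guide. The class and method names, the 5-second period and the addresses are assumptions made for illustration.

```python
# Simplified model of the Block Period wording above; not Zyxel firmware code, names are hypothetical.
from dataclasses import dataclass, field

@dataclass
class BlockTable:
    block_period: int                             # seconds, the profile's Block Period
    _until: dict = field(default_factory=dict)    # (field, ip) -> expiry time

    def on_detection(self, kind: str, src: str, dst: str, now: float) -> tuple:
        """Record a detection and return the (field, ip) key that gets blocked."""
        if kind == "flood":
            key = ("dst", dst)                    # flood: block by destination (victim)
        elif kind == "scan":
            key = ("src", src)                    # scan: block by source (scanner)
        else:
            raise ValueError(f"unknown detection type: {kind!r}")
        self._until[key] = now + self.block_period
        return key

    def is_dropped(self, src: str, dst: str, now: float) -> bool:
        """True if a packet src -> dst at time `now` hits an unexpired block."""
        for key in (("src", src), ("dst", dst)):
            expiry = self._until.get(key)
            if expiry is not None:
                if now < expiry:
                    return True
                del self._until[key]              # block period elapsed
        return False

def demo() -> dict:
    # Constructed addresses from documentation ranges; 10.0.0.5 is the "victim".
    t = BlockTable(block_period=5)
    t.on_detection("flood", src="198.51.100.9", dst="10.0.0.5", now=0)
    t.on_detection("scan", src="203.0.113.7", dst="10.0.0.8", now=0)
    return {
        # Flood block keys on the destination, so an unrelated client is dropped too.
        "other_client_to_victim": t.is_dropped("192.0.2.20", "10.0.0.5", now=1),
        # The flood source can still reach other hosts.
        "flooder_to_other_host": t.is_dropped("198.51.100.9", "10.0.0.8", now=1),
        # Scan block keys on the source, whatever the destination.
        "scanner_to_any_host": t.is_dropped("203.0.113.7", "10.0.0.99", now=1),
        # After the block period the entries expire.
        "other_client_after_period": t.is_dropped("192.0.2.20", "10.0.0.5", now=5),
    }

if __name__ == "__main__":
    print(demo())
```

In this model a flood block makes the protected host unreachable for every sender until the Block Period ends, which is worth weighing when choosing the period for a profile that covers production servers.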
