Chapter 15 Application Patrol
USG FLEX H Series User’s Guide
is correct. Before confirmation, packets are forwarded by App Patrol with no action taken. The number
of packets inspected before confirmation varies by signature.
Note: The Zyxel Device allows the first eight packets to go through the security policy,
regardless of the application patrol policy for the application. The Zyxel Device
examines these first eight packets to identify the application.
The second approach is called service ports. The Zyxel Device uses only OSI level-4 information, such as
ports, to identify what application is using the connection. This approach is available in case the Zyxel
Device identifies a lot of “false positives” for a particular application.

Custom Ports for SIP and the SIP ALG

Configuring application patrol to use custom port numbers for SIP traffic also configures the SIP ALG to
use the same port numbers for SIP traffic. Likewise, configuring the SIP ALG to use custom port numbers
for SIP traffic also configures application patrol to use the same port numbers for SIP traffic.
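
The two identification approaches and the eight-packet note above, modeled as a log-review aid. This is an added example, not Zyxel code: the flow-record shape, the port table (with 5070 as a constructed custom SIP port) and the payload labels are assumptions.

```python
from dataclasses import dataclass

IDENT_WINDOW = 8  # guide's note: the first eight packets pass the security policy

# Assumed service-port table: 5060 is the registered SIP port, 5070 a constructed custom one.
SERVICE_PORTS = {("udp", 5060): "sip", ("tcp", 5060): "sip", ("udp", 5070): "sip"}

@dataclass
class Flow:
    """Constructed flow-record shape; not a Zyxel log or export format."""
    proto: str
    dst_port: int
    packets: int        # packets seen in the whole flow
    payload_app: str    # label a payload signature would give (assumed known here)

def by_service_port(flow):
    """Service-ports approach: classify from layer-4 information only."""
    return SERVICE_PORTS.get((flow.proto, flow.dst_port), "unknown")

def forwarded_before_action(flow, window=IDENT_WINDOW):
    """Packets that pass before an App Patrol action can apply to the flow."""
    return min(flow.packets, window)

def audit(flows, blocked_apps, window=IDENT_WINDOW):
    """Explain why traffic for a blocked application can still appear in logs."""
    findings = []
    for idx, flow in enumerate(flows):
        port_app = by_service_port(flow)
        if port_app != flow.payload_app:
            # Port-only classification disagrees with the payload label.
            findings.append((idx, "port-mismatch", port_app, flow.payload_app))
        if flow.payload_app in blocked_apps:
            passed = forwarded_before_action(flow, window)
            kind = "fully-forwarded" if passed == flow.packets else "partly-forwarded"
            findings.append((idx, kind, passed, flow.packets))
    return findings

# Constructed sample flows.
SAMPLE_FLOWS = [
    Flow("udp", 5060, 40, "sip"),     # SIP on the default port
    Flow("udp", 5070, 6, "sip"),      # SIP on the custom port, short flow
    Flow("tcp", 5060, 25, "http"),    # non-SIP traffic on a SIP service port
    Flow("udp", 6000, 12, "sip"),     # SIP on a port missing from the table
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS, blocked_apps={"sip"}):
        print(finding)
```

The "port-mismatch" findings show the cost of the service-ports approach: a custom SIP port has to be present in the table, and anything else using a listed port is labeled as that application.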

15.2 Application Patrol Profile

Use the application patrol screens to customize action and log settings for a group of application patrol
signatures. You then link a profile to a policy. Use this screen to create an application patrol profile, and
view signature information. It also lists the details about the signature set the Zyxel Device is using.
Note: You must register for the AppPatrol signature service (at least the trial) before you can
use it.
A profile is one or more application objects or application groups with customized action and log settings.
Click Security Service > App Patrol to open the following screen.
Click the Application Patrol icon for more information on the Zyxel Device’s security features.