
ZyXEL Communications USG FLEX H Series - Page 307

462 pages
Chapter 20 IPS
USG FLEX H Series User’s Guide
Table 152 Security Service > IPS (continued)

| LABEL | DESCRIPTION |
| --- | --- |
| Period (1-300) | Type the length of time, in seconds, within which the event must occur a Count number of times to trigger an IPS Action. For example, Count is set to 5, and Period is set to 60. If the Zyxel Device detects more than 5 occurrences of malicious traffic in less than 60 seconds, then an IPS Action is triggered. |
| Count (1-300) | Type the number of security events that need to occur within the defined Period in order to trigger an IPS Action. |
| Block Period (0-86400) | This field displays the time period the attacker’s IP will be blocked. Click on the number in this column to set the value from 0 to 86400 seconds. 0 means that the IP will not be blocked. |
| Log | This field displays the log action the Zyxel Device takes when a packet matches a signature. log: The Zyxel Device generates a log. log an alert: The Zyxel Device generates a log and alerts the users. no: The Zyxel Device will neither generate a log nor alert the users. |
| Action | This field displays the response the Zyxel Device takes when a packet matches a signature. Hold down the [Ctrl] key if you want to make multiple selections. none: Select this action to have the Zyxel Device take no action when a packet matches a signature. drop: Select this action to have the Zyxel Device silently drop a packet that matches a signature. Neither sender nor receiver is notified. reject: Select this action to have the Zyxel Device send a reset to both the sender and receiver when a packet matches the signature. If it is a TCP attack packet, the Zyxel Device will send a packet with a ‘RST’ flag to the receiver and sender. If it is an ICMP or UDP attack packet, the Zyxel Device will send an ICMP unreachable packet. |
| Signature Information | The following fields display information on the current signature set that the Zyxel Device is using. |
| Current Version | This field displays the IPS signature set version number. This number gets larger as the set is enhanced. |
| Update Signatures | Click this link to go to the screen you can use to download signatures from the update server. |
| Apply | Click Apply to save your changes back to the Zyxel Device. |
| Reset | Click Reset to return the screen to its last-saved settings. |

Policy Types

The following table describes Policy Types as categorized in the Zyxel Device.

Table 153 Policy Types

| POLICY TYPE | DESCRIPTION |
| --- | --- |
| Access Control | Access control refers to procedures and controls that limit or detect access. Access control attacks try to bypass validation checks in order to access network resources such as servers, directories, and files. |
| Any | Any attack includes all other kinds of attacks that are not specified in the policy, such as password, spoof, hijack, phishing, and close-in. |
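
The Count, Period and Block Period fields of Table 152 together describe a rate-based trigger. The sketch below is an added example, not Zyxel code, that models how the three values interact. It assumes a per-source sliding window and, following the manual's own example, fires when matches exceed Count; the class name, function names and sample events are constructed for illustration.

```python
from collections import defaultdict, deque

class RateBasedTrigger:
    """Illustrative model of the Count / Period / Block Period fields (not Zyxel code)."""

    def __init__(self, count, period, block_period):
        # Ranges as documented in the IPS table.
        if not 1 <= count <= 300 or not 1 <= period <= 300:
            raise ValueError("Count and Period must be 1-300")
        if not 0 <= block_period <= 86400:
            raise ValueError("Block Period must be 0-86400")
        self.count, self.period, self.block_period = count, period, block_period
        self.hits = defaultdict(deque)   # source IP -> timestamps of recent matches
        self.blocked_until = {}          # source IP -> time the block expires

    def is_blocked(self, src_ip, now):
        return self.blocked_until.get(src_ip, 0) > now

    def on_match(self, src_ip, now):
        """Record one signature match; return 'blocked', 'action' or 'counted'."""
        if self.is_blocked(src_ip, now):
            return "blocked"
        window = self.hits[src_ip]
        window.append(now)
        # Assumption: sliding window; keep only matches newer than Period seconds.
        while window and now - window[0] >= self.period:
            window.popleft()
        # Assumption (from the manual's example): trigger on MORE than Count matches.
        if len(window) > self.count:
            window.clear()
            if self.block_period > 0:    # 0 means the IP is not blocked
                self.blocked_until[src_ip] = now + self.block_period
            return "action"
        return "counted"

def replay(events, count, period, block_period):
    """Run constructed (timestamp, src_ip) events through the trigger."""
    trig = RateBasedTrigger(count, period, block_period)
    return [trig.on_match(ip, ts) for ts, ip in events]

# Constructed sample: six matches from one documentation-range address in 50 s,
# then two later packets; replayed with Count=5, Period=60, Block Period=120.
SAMPLE = [(t, "192.0.2.10") for t in (0, 10, 20, 30, 40, 50, 100, 200)]

if __name__ == "__main__":
    for (ts, ip), result in zip(SAMPLE, replay(SAMPLE, 5, 60, 120)):
        print(f"t={ts:>3}s {ip} -> {result}")
```

Replaying the same events with a Block Period of 0 shows the difference between triggering the Action and blocking the source: the sixth match still triggers, but later packets from that address are counted again instead of being dropped as blocked.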
