Chapter 38 IDP
ZyWALL USG Series User’s Guide
717
Figure 502 Base Profiles
The following table describes this screen.
38.2.2 Adding / Editing Profiles
You may want to create a new profile if not all signatures in a base profile are applicable to your
network. In this case you should disable non-applicable signatures so as to improve Zyxel Device IDP
processing efficiency.
You may also find that certain signatures are triggering too many false positives or false negatives. A
false positive is when valid traffic is flagged as an attack. A false negative is when invalid traffic is
wrongly allowed to pass through the Zyxel Device. As each network is different, false positives and false
negatives are common on initial IDP deployment.
Table 259 Base Profiles
BASE PROFILE DESCRIPTION
none All signatures are disabled. No logs are generated nor actions are taken.
all All signatures are enabled. Signatures with a high or severe severity level (greater than
three) generate log alerts and cause packets that trigger them to be dropped. Signatures
with a very low, low or medium severity level (less than or equal to three) generate logs (not
log alerts) and no action is taken on packets that trigger them.
wan Signatures for all services are enabled. Signatures with a medium, high or severe severity
level (greater than two) generate logs (not log alerts) and no action is taken on packets
that trigger them. Signatures with a very low or low severity level (less than or equal to two)
are disabled.
lan This profile is most suitable for common LAN network services. Signatures for common
services such as DNS, FTP, HTTP, ICMP, IM, IMAP, MISC, NETBIOS, P2P, POP3, RPC, RSERVICE,
SMTP, SNMP, SQL, TELNET, TFTP, MySQL are enabled. Signatures with a high or severe severity
level (greater than three) generate logs (not log alerts) and cause packets that trigger them
to be dropped. Signatures with a low or medium severity level (two or three) generate logs
(not log alerts) and no action is taken on packets that trigger them. Signatures with a very
low severity level (one) are disabled.
dmz This profile is most suitable for networks containing your servers. Signatures for common
services such as DNS, FTP, HTTP, ICMP, IMAP, MISC, NETBIOS, POP3, RPC, RSERVICE, SMTP,
SNMP, SQL, TELNET, Oracle, MySQL are enabled. Signatures with a high or severe severity
level (greater than three) generate log alerts and cause packets that trigger them to be
dropped. Signatures with a low or medium severity level (two or three) generate logs (not
log alerts) and no action is taken on packets that trigger them. Signatures with a very low
severity level (one) are disabled.
OK Click OK to save your changes.
Cancel Click Cancel to exit this screen without saving your changes.
To Next Page
Loading...
