
ZyXEL Communications USG60W - Anomaly Detection and Prevention Overview

Chapter 27 Security Policy
ZyWALL USG Series User’s Guide
27.5 Anomaly Detection and Prevention Overview
Anomaly Detection and Prevention (ADP) protects against anomalies based on violations of protocol
standards (RFCs – Requests for Comments) and abnormal flows such as port scans. This section
introduces ADP, anomaly profiles and applying an ADP profile to a traffic direction.
Table 207 Configuration > Security Policy > Policy Control > Add (continued)

| LABEL | DESCRIPTION |
| --- | --- |
| User | This field is not available when you are configuring a to-Zyxel Device policy. Select a user name or user group to which to apply the policy. The Security Policy is activated only when the specified user logs into the system and the policy will be disabled when the user logs out. Otherwise, select any and there is no need for user logging. Note: If you specified a source IP address (group) instead of any in the field below, the user’s IP address should be within the IP address range. |
| Schedule | Select a schedule that defines when the policy applies. Otherwise, select none and the policy is always effective. |
| Action | Use the drop-down list box to select what the Security Policy is to do with packets that match this policy. Select deny to silently discard the packets without sending a TCP reset packet or an ICMP destination-unreachable message to the sender. Select reject to discard the packets and send a TCP reset packet or an ICMP destination-unreachable message to the sender. Select allow to permit the passage of the packets. |
| Log matched traffic | Select whether to have the Zyxel Device generate a log (log), log and alert (log alert) or not (no) when the policy is matched to the criteria listed above. |
| UTM Profile | Use this section to apply anti-x profiles (created in the Configuration > UTM Profile screens) to traffic that matches the criteria above. You must have created a profile first; otherwise none displays. Use Log to generate a log (log), log and alert (log alert) or not (no) for all traffic that matches criteria in the profile. |
| Application Patrol | Select an Application Patrol profile from the list box; none displays if no profiles have been created in the Configuration > UTM Profile > App Patrol screen. |
| Content Filter | Select a Content Filter profile from the list box; none displays if no profiles have been created in the Configuration > UTM Profile > Content Filter screen. |
| IDP | Select an IDP profile from the list box; none displays if no profiles have been created in the Configuration > UTM Profile > IDP screen. |
| Anti-Virus | Select an Anti-Virus profile from the list box; none displays if no profiles have been created in the Configuration > UTM Profile > Anti-Virus screen. |
| Anti-Spam | Select an Anti-Spam profile from the list box; none displays if no profiles have been created in the Configuration > UTM Profile > Anti-Spam screen. |
| SSL Inspection | Select an SSL Inspection profile from the list box; none displays if no profiles have been created in the Configuration > UTM Profile > SSL Inspection screen. |
| OK | Click OK to save your customized settings and exit this screen. |
| Cancel | Click Cancel to exit this screen without saving. |
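To confirm from a client which Action a policy actually applies, the following added example (not taken from the ZyXEL guide) classifies a single TCP connection attempt: a timeout matches deny, while an immediate refusal or unreachable error matches reject. The function names, verdict strings and the errno mapping (Linux socket behaviour) are assumptions; a refusal can also come from a closed port on the destination behind an allow policy, so test against a port known to be listening.

```python
import errno
import socket

# Assumption (Linux): an ICMP destination-unreachable received in answer to a
# TCP SYN surfaces as one of these errno values on connect().
ICMP_UNREACHABLE = {errno.EHOSTUNREACH, errno.ENETUNREACH}


def classify(exc):
    """Map the outcome of a TCP connect attempt to the Action it is consistent with.

    exc is None when the connection succeeded, otherwise the exception raised.
    """
    if exc is None:
        return "allow"                      # handshake completed
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "deny"                       # no answer at all: silent discard
    if isinstance(exc, ConnectionRefusedError):
        return "reject"                     # TCP reset (or ICMP port unreachable)
    if isinstance(exc, OSError) and exc.errno in ICMP_UNREACHABLE:
        return "reject"                     # ICMP destination-unreachable
    return "unknown"                        # local error, DNS failure, etc.


def probe(host, port, timeout=3.0):
    """Try one TCP connection to host:port and return the verdict string."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)


if __name__ == "__main__":
    # Constructed local check: a loopback listener stands in for an allowed
    # service, and the same port after closing stands in for a reset reply.
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    print("listening port:", probe("127.0.0.1", port, 1.0))
    srv.close()
    print("closed port   :", probe("127.0.0.1", port, 1.0))
```

Compare the verdict with the entry produced by Log matched traffic for the same connection to make sure the policy you expect is the one that matched.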
