Chapter 49 Troubleshooting
ZyWALL/USG Series User’s Guide
933
Depending on your network topology and traffic load, binding every packet direction to an IDP
profile may affect the ZyWALL/USG’s performance. You may want to focus IDP scanning on certain
traffic directions such as incoming traffic.
IDP is dropping traffic that matches a rule that says no action should be taken.
The ZyWALL/USG checks all signatures and continues searching even after a match is found. If two
or more rules have conflicting actions for the same packet, then the ZyWALL/USG applies the more
restrictive action (reject-both, reject-receiver or reject-sender, drop, none in this order). If a
packet matches a rule for reject-receiver and it also matches a rule for reject-sender, then the
ZyWALL/USG will reject-both.
I uploaded a custom signature file and now all of my earlier custom signatures are gone.
The name of the complete custom signature file on the ZyWALL/USG is ‘custom.rules’. If you import
a file named ‘custom.rules’, then all custom signatures on the ZyWALL/USG are overwritten with
the new file. If this is not your intention, make sure that the files you import are not named
‘custom.rules’.
I cannot configure some items in IDP that I can configure in Snort.
Not all Snort functionality is supported in the ZyWALL/USG.
The ZyWALL/USG’s performance seems slower after configuring ADP.
Depending on your network topology and traffic load, applying an anomaly profile to each and
every packet direction may affect the ZyWALL/USG’s performance.
The ZyWALL/USG routes and applies SNAT for traffic from some interfaces but not from
others.
The ZyWALL/USG automatically uses SNAT for traffic it routes from internal interfaces to external
interfaces. For example LAN to WAN traffic. You must manually configure a policy route to add
routing and SNAT settings for an interface with the Interface Type set to General. You can also
configure a policy route to override the default routing and SNAT behavior for an interface with the
Interface Type set to Internal or External.
To Next Page
Loading...
