ZyWALL Series CLI Reference Guide
412
CHAPTER 45
Collaborative Detection & Response
45.1 Overview
Collaborative Detection & Response (CDR) allows you to detect wired and WiFi clients that are sending
malicious traffic in your network and then block or quarantine traffic coming from them. In this way,
malicious traffic is not spread throughout the network. Secure policies can block malicious traffic for
specific traffic flows, whereas CDR can block traffic from the sending client itself. Malicious traffic is
identified using a combination of Web Filtering, Anti-Malware and IPS (IDP) signatures.
45.1.1 CDR Example Scenario
In the following example scenario, clients C1 to C6 are connected to the network. Intrusion Prevention
(IPS) or Anti-Malware signatures have identified malicious traffic coming from clients C1, C2, C4 and C5.
You have configured CDR to take the following actions:
• Traffic from WiFi client C1 is blocked at the AP.
• Traffic from WiFi client C2 is blocked at the Zyxel Device.
• Traffic from wired client C5 is blocked at the Zyxel Device. Because the block is enforced at the Zyxel Device, this traffic can still be broadcast to other clients in the same subnet, such as C6.
• Traffic from WiFi client C4 is isolated from the network through a quarantine VLAN. The quarantine VLAN isolates the client from other clients in the same subnet, so its traffic is only broadcast to other clients in that same VLAN.