ZyXEL Communications ZyWALL USG 100 Series

To Next Page

To Previous Page

Chapter 34 IDP

ZyWALL USG 100/200 Series User’s Guide

622

34.8.2 Custom Signature Example

Before creating a custom signature, you must first clearly understand the

vulnerability.

34.8.2.1 Understand the Vulnerability

Check the ZyWALL logs when the attack occurs. Use web sites such as Google or

Security Focus to get as much information about the attack as you can. The more

specific your signature, the less chance it will cause false positives.

As an example, say you want to check if your router is being overloaded with DNS

queries so you create a signature to detect DNS query traffic.

OK Click this button to save your changes to the ZyWALL and return to

the summary screen.

Cancel Click this button to return to the summary screen without saving any

changes.

Table 168 Configuration > Anti-X > IDP > Custom Signatures > Add/Edit (continued)

LABEL DESCRIPTION

Main Page

About this User's Guide3
Document Conventions6
- Syntax Conventions6
Safety Warnings8
Contents Overview9
- Table of Contents9
Table of Contents11
User's Guide31
PART I User's Guide31
Chapter 1 Introducing the Zywall33
- Overview and Key Default Settings33
- Rack-Mounted Installation34
  - Rack-Mounted Installation Procedure34
- Front Panel35
  - Front Panel Leds36
- Management Overview36
- Starting and Stopping the Zywall37
Chapter 2 Features and Applications39
- Features39
- Applications41
- Web Configurator47
Chapter 3 Web Configurator47
- Web Configurator Requirements47
- Web Configurator Access47
- Web Configurator Screens Overview49
Idp52
- Configuration Menu52
Ssl Vpn54
- Main Window57
- Tables and Lists59
- Working with Table Entries61
Chapter 4 Installation Setup Wizard63
- Installation Setup Wizard Screens63
- Device Registration70
- Quick Setup73
Chapter 5 Quick Setup73
- Quick Setup Overview73
- WAN Interface Quick Setup74
- VPN Quick Setup79
- VPN Setup Wizard: Wizard Type80
- VPN Express Wizard - Scenario81
Chapter 6 Configuration Basics91
- Object-Based Configuration91
- Zones, Interfaces, and Physical Ports92
  - Interface Types93
  - Default Interface and Zone Configuration94
- Terminology in the Zywall95
- Packet Flow97
- Feature Configuration Overview100
- Objects111
  - User/Group111
- System112
Chapter 7 Tutorials115
- How to Configure Interfaces, Port Roles, and Zones115
  - Configure a WAN Ethernet Interface116
- Configure the OPT Interface for a Local Network117
- Configure Zones118
- Configure Port Roles119
- How to Configure a Cellular Interface120
- How to Configure Load Balancing122
  - Set up Available Bandwidth on Ethernet Interfaces122
  - Configure the WAN Trunk123
- How to Set up a Wireless LAN125
- How to Set up an Ipsec VPN Tunnel141
- How to Configure a Hub-And-Spoke Ipsec VPN Without a VPN Concentrator144
- How to Configure User-Aware Access Control146
- How to Use a RADIUS Server to Authenticate User Accounts Based on Groups155
- How to Use Endpoint Security and Authentication Policies157
  - Configure the Endpoint Security Objects157
  - Configure the Authentication Policy159
- How to Configure Service Control160
  - Allow HTTPS Administrator Access Only from the LAN161
- How to Allow Incoming H.323 Peer-To-Peer Calls163
- How to Allow Public Access to a Web Server167
- How to Use an IPPBX on the DMZ170
Chapter 8 L2TP VPN Example185
- Configuring the Default L2TP VPN Gateway Example185
- Configuring the Default L2TP VPN Connection Example187
- Configuring the L2TP VPN Settings Example188
- Configuring L2TP VPN in Windows Vista, XP, or 2000189
Technical Reference221
Part II: Technical Reference221
- Dashboard223
Chapter 9 Dashboard223
- Overview223
  - What You Can Do in this Chapter223
- The Dashboard Screen223
Chapter 10 Monitor237
- Overview237
  - What You Can Do in this Chapter237
- The Port Statistics Screen238
  - The Port Statistics Graph Screen240
- Interface Status Screen241
- The Traffic Statistics Screen244
- The Session Monitor Screen247
- The DDNS Status Screen250
- IP/MAC Binding Monitor250
- The Login Users Screen252
- WLAN Interface Station Monitor Screen252
- Cellular Status Screen254
- Application Patrol Statistics256
  - Application Patrol Statistics: General Setup256
  - Application Patrol Statistics: Bandwidth Statistics257
  - Application Patrol Statistics: Protocol Statistics258
  - Application Patrol Statistics: Individual Protocol Statistics by Rule259
- The Ipsec Monitor Screen260
  - Regular Expressions in Searching Ipsec Sas262
- The SSL Connection Monitor Screen263
- L2TP over Ipsec Session Monitor Screen264
- The Anti-Virus Statistics Screen265
- The IDP Statistics Screen267
- The Content Filter Statistics Screen269
- Content Filter Cache Screen270
- The Anti-Spam Statistics Screen273
- The Anti-Spam Status Screen275
- Log Screen276
- Registration279
Chapter 11 Registration279
- Overview279
  - What You Can Do in this Chapter279
  - What You Need to Know279
- The Registration Screen281
- The Service Screen283
Chapter 12 Signature Update285
- Overview285
  - What You Can Do in this Chapter285
  - What You Need to Know285
- The Antivirus Update Screen286
- The Idp/Apppatrol Update Screen287
- The System Protect Update Screen289
- Interfaces291
Chapter 13 Interfaces291
- Interface Overview291
Add330
- WLAN Add/Edit: WEP Security332
- WLAN Add/Edit: WPA-PSK/WPA2-PSK Security333
- WLAN Add/Edit: WPA/WPA2 Security334
Chapter 14 Trunks367
- Overview367
Chapter 15 Policy and Static Routes377
- Policy and Static Routes Overview377
  - What You Can Do in this Chapter377
  - What You Need to Know378
- Policy Route Screen380
  - Policy Route Edit Screen383
- IP Static Route Screen387
  - Static Route Add/Edit Screen388
- Policy Routing Technical Reference389
  - Port Triggering390
  - Maximize Bandwidth Usage391
Chapter 16 Routing Protocols393
- Routing Protocols Overview393
  - What You Can Do in this Chapter393
  - What You Need to Know393
- The RIP Screen394
- The OSPF Screen395
- Routing Protocol Technical Reference404
- Zones407
Chapter 17 Zones407
- Zones Overview407
  - What You Can Do in this Chapter407
  - What You Need to Know408
- The Zone Screen409
- Zone Edit410
- Ddns411
Chapter 18 DDNS411
- DDNS Overview411
  - What You Can Do in this Chapter411
  - What You Need to Know411
- The DDNS Screen412
  - The Dynamic DNS Add/Edit Screen414
- Nat417
Chapter 19 NAT417
- NAT Overview417
  - What You Can Do in this Chapter417
  - What You Need to Know418
- The NAT Screen418
  - The NAT Add/Edit Screen420
  - NAT Technical Reference423
Chapter 20 HTTP Redirect427
- Overview427
- Alg431
Chapter 21 ALG431
- ALG Overview431
Chapter 22 IP/MAC Binding439
- IP/MAC Binding Overview439
Chapter 23 Authentication Policy445
- Overview445
- Firewall453
Chapter 24 Firewall453
- Overview453
- The Firewall Screen461
  - Configuring the Firewall Screen462
  - The Firewall Add/Edit Screen465
- The Session Limit Screen466
  - The Session Limit Add/Edit Screen468
Chapter 25 Ipsec VPN471
- Ipsec VPN Overview471
- The VPN Connection Screen474
  - The VPN Connection Add/Edit (IKE) Screen476
  - The VPN Connection Add/Edit Manual Key Screen483
- The VPN Gateway Screen486
  - The VPN Gateway Add/Edit Screen487
- VPN Concentrator495
- Ipsec VPN Background Information499
  - Ike Sa Overview500
  - Ipsec Sa Overview506
- Ssl Vpn511
- Overview511
  - What You Can Do in this Chapter511
  - What You Need to Know511
Chapter 26 SSL VPN511
- The SSL Access Privilege Screen514
  - Access Policy514
  - The SSL Access Policy Add/Edit Screen516
- The SSL Global Setting Screen519
  - How to Upload a Custom Logo521
- Establishing an SSL VPN Connection522
Chapter 27 SSL User Screens525
- Overview525
  - What You Need to Know525
- Remote User Login526
- The SSL VPN User Screens531
- Bookmarking the Zywall532
- Logging out of the SSL VPN User Screens532
Chapter 28 SSL User Application Screens535
- SSL User Application Screens Overview535
- The Application Screen535
Chapter 29 SSL User File Sharing537
- Overview537
  - What You Need to Know537
- The Main File Sharing Screen538
- Opening a File or Folder538
  - Downloading a File540
  - Saving a File541
- Creating a New Folder541
- Renaming a File or Folder542
- Deleting a File or Folder542
- Uploading a File543
Chapter 30 Zywall Secuextender545
- The Zywall Secuextender Icon545
- Statistics546
- View Log547
- Suspend and Resume the Connection547
- Stop the Connection548
- Uninstalling the Zywall Secuextender548
Chapter 31 L2TP VPN549
- Overview549
  - What You Can Do in this Chapter549
  - What You Need to Know549
- L2TP VPN Screen551
Chapter 32 Application Patrol553
- Overview553
- Application Patrol General Screen563
- Application Patrol Applications564
  - The Application Patrol Edit Screen565
    - The Application Patrol Policy Edit Screen569
  - The Other Applications Screen572
    - The Other Applications Add/Edit Screen575
Chapter 33 Anti-Virus579
- Overview579
Chapter 34 IDP595
- Overview595
Chapter 35 ADP629
- ADP and IDP Comparison629
- What You Can Do in this Chapter629
- What You Need to Know629
- Before You Begin630
- The ADP General Screen631
- The Profile Summary Screen632
Chapter 36 Content Filtering649
- Overview649
Chapter 37 Content Filter Reports673
- Overview673
- Viewing Content Filter Reports673
- Anti-Spam681
Chapter 38 Anti-Spam681
- Overview681
  - What You Can Do in this Chapter681
  - What You Need to Know681
- Before You Begin683
- The Anti-Spam General Screen683
  - Anti-Spam683
  - The Anti-Spam Policy Add or Edit Screen685
- The Anti-Spam Black List Screen687
Edit688
- The Anti-Spam Black or White List Add/Edit Screen689
- Regular Expressions in Black or White List Entries690
- The Anti-Spam White List Screen691
- The DNSBL Screen692
- Anti-Spam Technical Reference694
- Device HA699
Chapter 39 Device HA699
- Overview699
- Device HA General701
- The Active-Passive Mode Screen702
  - Configuring Active-Passive Mode Device HA704
- Configuring an Active-Passive Mode Monitored Interface707
- The Legacy Mode Screen709
- Configuring the Legacy Mode Screen710
- Device HA Technical Reference714
- User/Group721
Chapter 40 User/Group721
- Overview721
  - What You Can Do in this Chapter721
  - What You Need to Know721
- User Summary Screen724
  - User Add/Edit Screen724
- User Group Summary Screen727
  - Group Add/Edit Screen728
- Setting Screen729
  - Default User Authentication Timeout Settings Edit Screens732
  - User Aware Login Example734
- User /Group Technical Reference735
  - Addresses737
Chapter 41 Addresses737
- Overview737
  - What You Can Do in this Chapter737
  - What You Need to Know737
- Address Summary Screen737
  - Address Add/Edit Screen739
- Address Group Summary Screen740
  - Address Group Add/Edit Screen741
- Services743
Chapter 42 Services743
- Overview743
  - What You Can Do in this Chapter743
  - What You Need to Know743
- The Service Summary Screen744
  - The Service Add/Edit Screen746
- The Service Group Summary Screen746
  - The Service Group Add/Edit Screen748
- Schedules749
Chapter 43 Schedules749
- Overview749
  - What You Can Do in this Chapter749
  - What You Need to Know749
- The Schedule Summary Screen750
Chapter 44 AAA Server755
- Overview755
- Active Directory or LDAP Server Summary759
  - Adding an Active Directory or LDAP Server759
- RADIUS Server Summary761
  - Adding a RADIUS Server763
Chapter 45 Authentication Method765
- Overview765
- Authentication Method Objects766
  - Creating an Authentication Method Object767
- Certificates771
Chapter 46 Certificates771
- Overview771
- The My Certificates Screen775
- The Trusted Certificates Screen785
  - The Trusted Certificates Edit Screen786
  - The Trusted Certificates Import Screen790
- Certificates Technical Reference791
- ISP Accounts793
Chapter 47 ISP Accounts793
- Overview793
  - What You Can Do in this Chapter793
- ISP Account Summary793
  - ISP Account Edit794
  - Stac Compression796
- SSL Application797
Chapter 48 SSL Application797
- Overview797
- The SSL Application Screen799
  - Creating/Editing a Web-Based SSL Application Object800
  - Creating/Editing a File Sharing SSL Application Object802
- Endpoint Security805
Chapter 49 Endpoint Security805
- Overview805
  - What You Can Do in this Chapter806
  - What You Need to Know806
- Endpoint Security Screen807
- Endpoint Security Add/Edit809
Chapter 50 System815
- Overview815
  - What You Can Do in this Chapter815
- Host Name816
System Name816
- Date and Time817
  - Pre-Defined NTP Time Servers List819
  - Time Server Synchronization820
- Console Port Speed821
- DNS Overview821
- WWW Overview829
- Ssh846
- Telnet851
  - Configuring Telnet852
- Ftp853
  - Configuring FTP853
- Snmp855
- Dial-In Management859
Chapter 51 Log and Report865
- Overview865
  - What You Can Do in this Chapter865
- Email Daily Report865
- Log Setting Screens867
Chapter 52 File Manager879
- Overview879
- The Configuration File Screen882
- The Firmware Package Screen886
- The Shell Script Screen888
  - Diagnostics891
Chapter 53 Diagnostics891
- Overview891
  - What You Can Do in this Chapter891
- The Diagnostic Screen891
- The Packet Capture Screen892
  - The Packet Capture Files Screen895
  - Example of Viewing a Packet Capture File896
Chapter 54 Reboot899
- Overview899
  - What You Need to Know899
- The Reboot Screen899
Chapter 55 Shutdown901
- Overview901
  - What You Need to Know901
- The Shutdown Screen901
Chapter 56 Troubleshooting903
- Resetting the Zywall920
- System-Default.conf920
- Getting more Troubleshooting Help921
Chapter 57 Product Specifications923
- Static Routes928
- Or WLAN PCMCIA Card Installation932
- Power Adaptor Specifications932
Appendix A Log Descriptions935
Appendix B Common Services995
Protocol995
Appendix C Displaying Anti-Virus Alert Messages in Windows999
Appendix D Importing Certificates1005
Appendix D Importing Certificates1006
Appendix E Wireless Lans1031
- Wireless Lan Topologies1031
- Fragmentation Threshold1035
- Preamble Type1035
- Wireless Security Overview1036
- Dynamic Wep Key Exchange1039
- Security Parameters Summary1044
- Antenna Characteristics1045
- Types of Antennas for Wlan1045
- Positioning Antennas1046
Appendix F Open Software Announcements1047
Syslog-Ng-1.6.51051
Appendix G Legal Information1103
Appendix G Legal Information1104
- Zyxel Limited Warranty1105
Index1107
- SSL Policy1114
- Statistics1117
Types1118
- Static DHCP1118
Metric1118
- Troubleshooting1129
- And OSPF1129
And RIP1129
- Application Patrol1129
- Bandwidth1129
- Idp1129
- Traffic1129

ZyXEL Communications ZyWALL USG 100 Series - Custom Signature Example

Table of Contents

Other manuals for ZyXEL Communications ZyWALL USG 100 Series

Related product manuals