127
3 Edit the default log options and actions.
2.6 ADP Profile Configuration
ADP (Anomaly Detection and Prevention) protects against anomalies based on violations of protocol
standards (RFCs – Requests for Comments) and abnormal traffic flows such as port scans.
You may want to create a new profile if not all traffic or protocol rules in a base profile are applicable
to your network. In this case you should disable non-applicable rules so as to improve USG ADP
processing efficiency.
You may also find that certain rules are triggering too many false positives or false negatives. A false
positive is when valid traffic is flagged as an attack. A false negative is when invalid traffic is wrongly
allowed to pass through the USG. As each network is different, false positives and false negatives are
common on initial ADP deployment.
You could create a new ‘monitor profile’ that creates logs but all actions are disabled. Observe the
logs over time and try to eliminate the causes of the false alarms. When you’re satisfied that they
have been reduced to an acceptable level, you could then create an ‘inline profile’ whereby you
configure appropriate actions to be taken when a packet matches a detection.
2.6.1 Procedure To Create a New ADP Profile
To create a new profile:
1 Click Configuration > Anti-X > ADP > Profile and in the Profile Management section of this
screen, click the Add icon. A pop-up screen will appear allowing you to choose a base profile. Select
a base profile to go to the profile details screen.
To Next Page
Loading...
