Chapter 25 Secure Policy
ZyWALL / USG (ZLD) CLI Reference Guide
175
25.4.5 ADP Add/Edit Profile Commands
These commands create or edit exsiting ADP profiles.
no bind Removes the ADP anomaly profile’s binding.
from-zone zone_profile Specifies the zone the traffic is coming from.
[no] activate Turns on the ADP anomaly profile to traffic direction binding. The no
command turns it off.
idp anomaly rule { delete
<1..32> | move <1..32> to
<1..32> }
Removes or moves an ADP anomaly profile to traffic direction entry.
no idp anomaly rule <1..32> Removes an ADP anomaly profile to traffic direction entry.
show idp anomaly rules Displays the ADP anomaly zone to zone rules.
Table 92 ADP Zone-to-Zone Rule Commands (continued)
LABEL DESCRIPTION
Table 93 ADP Add/Edit Profile Commands
LABEL DESCRIPTION
idp anomaly newpro [base {all
| none}]
Creates a new IDP anomaly profile called newpro. newpro uses the
base profile you specify. Enters sub- command mode. All the following
commands relate to the new profile. Use exit to quit sub-command
mode.
description description Use up to 60 printable ASCII characters
no description The no command removes the descriptive name from the profile.
base {all | none} Use the base profile you specify. You cannot change the base profile if
you specify!
scan-detection sensitivity
{low | medium | high}
Sets scan-detection sensitivity.
no scan-detection
sensitivity
Clears scan-detection sensitivity. The default sensitivity is medium.
scan-detection block-
period <1..3600>
Sets for how many seconds the ZyWALL / USG blocks all packets from
being sent to the victim (destination) of a detected anomaly attack.
[no] scan-detection {tcp-
xxx} {activate | log
[alert] | block}
Activates TCP scan detection options where {tcp-xxx} ={tcp-portscan |
tcp-portscan-fin | tcp-portscan-syn tcp-portsweep }. Also sets TCP
scan- detection logs or alerts and blocking. no deactivates TCP scan
detection, its logs, alerts or blocking.
[no] scan-detection {udp-
portscan } {activate | log
[alert] | block}
Activates or deactivates UDP port scan . Also sets UDP scan-detection
logs or alerts and blocking. no deactivates UDP scan detection, its logs,
alerts or blocking.
flood-detection block-
period <1..3600>
Sets for how many seconds the ZyWALL / USG blocks all packets from
being sent to the victim (destination) of a detected anomaly attack.
[no] flood-detection {tcp-
flood | udp-flood | icmp-
flood | igmp-flood }
{activate | log [alert] |
block}
Activates or deactivates TCP, UDP,IGMP or ICMP flood detection. Also
sets flood detection logs or alerts and blocking. no deactivates flood
detection, its logs, alerts or blocking.
[no] tcp-decoder {tcp-xxx}
activate
Activates or deactivates tcp decoder options where {tcp-xxx} = {bad-
tcp-flag | bad-tcp-l4-size | tcp-land}
tcp-decoder {tcp-xxx} log
[alert]
Sets tcp decoder log or alert options.
To Next Page
Loading...
