Filter
Top Products
Chapter 35 ADP
ZyWALL USG 1000 User’s Guide
604
The following table describes the fields in this screen.
Table 164 Configuration > ADP > Profile > Traffic Anomaly
LABEL DESCRIPTION
Name This is the name of the ADP profile. You may use 1-31 alphanumeric
characters, underscores(_), or dashes (-), but the first character cannot
be a number. This value is case-sensitive. These are valid, unique profile
names:
MyProfile
mYProfile
Mymy12_3-4
These are invalid profile names:
1mYProfile
My Profile
MyProfile?
Whatalongprofilename123456789012
Scan/Flood
Detection
Sensitivity (Scan detection only.) Select a sensitivity level so as to reduce false
positives in your network. If you choose low sensitivity, then scan
thresholds and sample times are set low, so you will have fewer logs and
false positives; however some traffic anomaly attacks may not be
detected.
If you choose high sensitivity, then scan thresholds and sample times are
set high, so most traffic anomaly attacks will be detected; however you
will have more logs and false positives.
Block
Period
Specify for how many seconds the ZyWALL blocks all packets from being
sent to the victim (destination) of a detected anomaly attack.
Activate To turn on an entry, select it and click Activate.
Inactivate To turn off an entry, select it and click Inactivate.
Log To edit an item’s log option, select it and use the Log icon. Select
whether to have the ZyWALL generate a log (log), log and alert (log
alert) or neither (no) when traffic matches this anomaly rule. See
Chapter 51 on page 833 for more on logs.
Action To edit what action the ZyWALL takes when a packet matches a rule,
select the signature and use the Action icon.
none: The ZyWALL takes no action when a packet matches the
signature(s).
block: The ZyWALL silently drops packets that matches the rule. Neither
sender nor receiver are notified.
# This is the entry’s index number in the list.
Status The activate (light bulb) icon is lit when the entry is active and dimmed
when the entry is inactive.