ZyXEL Communications ISG50 Network Router User Manual


 
Chapter 26 ADP
ISG50 User’s Guide
415
Table 137 describes the fields in this screen.
26.3.3 Creating New ADP Profiles
You may want to create a new profile if not all rules in a base profile are applicable to your network.
In this case you should disable non-applicable rules so as to improve ISG50 ADP processing
efficiency.
You may also find that certain rules are triggering too many false positives or false negatives. A
false positive is when valid traffic is flagged as an attack. A false negative is when invalid traffic is
wrongly allowed to pass through the ISG50. As each network is different, false positives and false
negatives are common on initial ADP deployment.
You could create a new ‘monitor profile’ that creates logs but has all actions disabled. Observe the
logs over time and try to eliminate the causes of the false alarms. When you’re satisfied that they
have been reduced to an acceptable level, you could then create an ‘inline profile’ in which you
configure appropriate actions to be taken when a packet matches a rule.
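The log review described above can be done offline on exported alerts. The following Python script is an added example, not part of this guide or the ISG50; the CSV layout, rule names, addresses and the 20% threshold are assumptions constructed for illustration. It counts, per rule, how many alerts came from sources you have confirmed as valid and reports which rules still need tuning before actions are enabled.

```python
import csv
import io
from collections import defaultdict

# Constructed sample: alerts exported while a monitor profile was active.
# Columns (time, rule, source, destination) are assumed, not the ISG50 log format.
SAMPLE_LOG = """\
2024-05-01T09:00:01,tcp-portscan,192.0.2.10,198.51.100.5
2024-05-01T09:00:07,tcp-portscan,192.0.2.10,198.51.100.6
2024-05-01T09:03:40,icmp-flood,203.0.113.77,198.51.100.5
2024-05-01T09:03:41,icmp-flood,203.0.113.77,198.51.100.5
this line is malformed and is skipped
2024-05-01T10:15:00,tcp-portscan,192.0.2.10,198.51.100.9
2024-05-01T11:42:13,tcp-portscan,203.0.113.50,198.51.100.5
2024-05-01T12:00:02,icmp-flood,203.0.113.80,198.51.100.7
"""

# Sources the administrator has confirmed send valid traffic (assumed example:
# an internal vulnerability scanner). Alerts from these count as false positives.
KNOWN_VALID_SOURCES = {"192.0.2.10"}

def triage(log_text, valid_sources, max_fp_ratio=0.2):
    """Return {rule: (hits, false_positives, verdict)} for each rule in the log."""
    hits = defaultdict(int)
    false_pos = defaultdict(int)
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4:
            continue  # skip blank or malformed lines
        _time, rule, src, _dst = (field.strip() for field in row)
        hits[rule] += 1
        if src in valid_sources:
            false_pos[rule] += 1
    report = {}
    for rule, total in hits.items():
        fp = false_pos[rule]
        verdict = "keep-monitoring" if fp / total > max_fp_ratio else "ready-for-inline"
        report[rule] = (total, fp, verdict)
    return report

if __name__ == "__main__":
    for rule, (total, fp, verdict) in sorted(triage(SAMPLE_LOG, KNOWN_VALID_SOURCES).items()):
        print(f"{rule:15} hits={total:3} false_positives={fp:3} -> {verdict}")
```

A rule marked keep-monitoring still flags valid traffic too often and should stay without actions, or be disabled in the new profile if it does not apply to your network.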
ADP profiles consist of traffic anomaly profiles and protocol anomaly profiles. To create a new
profile, select a base profile (see Table 136 on page 414) and then click OK to go to the profile
details screen. Type a new profile name, enable or disable individual rules and then edit the default
log options and actions.
26.3.4 Traffic Anomaly Profiles
The traffic anomaly screen is the second screen in an ADP profile. Traffic anomaly detection looks
for abnormal behavior such as scan or flooding attempts. In the Configuration > Anti-X > ADP >
Profile screen, click the Edit icon or click the Add icon and choose a base profile. If you made
changes to other screens belonging to this profile, make sure you have clicked OK or Save to save
the changes before selecting the Traffic Anomaly tab.
Table 137 Anti-X > ADP > Profile

LABEL         DESCRIPTION
Add           Click this to create a new entry.
Edit          Select an entry and click this to be able to modify it.
Remove        Select an entry and click this to delete it.
#             This is the entry’s index number in the list.
Name          This is the name of the profile you created.
Base Profile  This is the base profile from which the profile was created.