Filter
Top Products
Chapter 26 ADP
ISG50 User’s Guide
417
The following table describes the fields in this screen.
Table 138 Configuration > ADP > Profile > Traffic Anomaly
LABEL DESCRIPTION
Name This is the name of the ADP profile. You may use 1-31 alphanumeric characters,
underscores(
_), or dashes (-), but the first character cannot be a number. This
value is case-sensitive. These are valid, unique profile names:
MyProfile
mYProfile
Mymy12_3-4
These are invalid profile names:
1mYProfile
My Profile
MyProfile?
Whatalongprofilename123456789012
Scan/Flood
Detection
Sensitivity (Scan detection only.) Select a sensitivity level so as to reduce false positives in
your network. If you choose low sensitivity, then scan thresholds and sample
times are set low, so you will have fewer logs and false positives; however some
traffic anomaly attacks may not be detected.
If you choose high sensitivity, then scan thresholds and sample times are set
high, so most traffic anomaly attacks will be detected; however you will have
more logs and false positives.
Block Period Specify for how many seconds the ISG50 blocks all packets from being sent to the
victim (destination) of a detected anomaly attack.
Activate To turn on an entry, select it and click Activate.
Inactivate To turn off an entry, select it and click Inactivate.
Log To edit an item’s log option, select it and use the Log icon. Select whether to have
the ISG50 generate a log (log), log and alert (log alert) or neither (no) when
traffic matches this anomaly rule. See Chapter 53 on page 705 for more on logs.
Action To edit what action the ISG50 takes when a packet matches a rule, select the
signature and use the Action icon.
none: The ISG50 takes no action when a packet matches the signature(s).
block: The ISG50 silently drops packets that matches the rule. Neither sender
nor receiver are notified.
# This is the entry’s index number in the list.
Status The activate (light bulb) icon is lit when the entry is active and dimmed when the
entry is inactive.
Name This is the name of the traffic anomaly rule. Click the Name column heading to
sort in ascending or descending order according to the rule name.
Log These are the log options. To edit this, select an item and use the Log icon.
Action This is the action the ISG50 should take when a packet matches a rule. To edit
this, select an item and use the Action icon.
Threshold For flood detection you can set the number of detected flood packets per second
that causes the ISG50 to take the configured action.
OK Click OK to save your settings to the ISG50, complete the profile and return to
the profile summary page.