User manual

Chapter 35 ADP
ZyWALL USG 300 User’s Guide
631
35.3.5 Protocol Anomaly Profiles
Protocol anomaly is the third screen in an ADP profile. Protocol anomaly (PA) rules
check for protocol compliance against the relevant RFC (Request for Comments).
Protocol anomaly detection includes HTTP Inspection, TCP Decoder, UDP Decoder,
and ICMP Decoder where each category reflects the packet type inspected.
Protocol anomaly rules may be updated when you upload new firmware.
35.3.6 Protocol Anomaly Configuration
In the Configuration > Anti-X > ADP > Profile screen, click the Edit icon or
click the Add icon and choose a base profile, then select the Protocol Anomaly
tab. If you made changes to other screens belonging to this profile, make sure you
have clicked OK or Save to save the changes before selecting the Protocol
Anomaly tab.
Name This is the name of the traffic anomaly rule. Click the Name column
heading to sort in ascending or descending order according to the rule
name.
Log These are the log options. To edit this, select an item and use the Log
icon.
Action This is the action the ZyWALL should take when a packet matches a rule.
To edit this, select an item and use the Action icon.
Threshold For flood detection you can set the number of detected flood packets per
second that causes the ZyWALL to take the configured action.
OK Click OK to save your settings to the ZyWALL, complete the profile and
return to the profile summary page.
Cancel Click Cancel to return to the profile summary page without saving any
changes.
Save Click Save to save the configuration to the ZyWALL but remain in the
same page. You may then go to the another profile screen (tab) in order
to complete the profile. Click OK in the final profile screen to complete
the profile.
Table 172 Configuration > ADP > Profile > Traffic Anomaly (continued)
LABEL DESCRIPTION