
ZyWALL IDP 10 User’s Guide
Chapter 6 IDP Policies 78
Table 20 Configuring a User-defined IDP Policy

LABEL: DESCRIPTION

Attributions: The "attributions" define the characteristics of the intrusion for which you are configuring a policy. A traffic flow must match your operating system selections, your protocol definition and your repetition threshold before the rule is invoked; if any one of them does not match, the rule does not fire.

Name: Type a meaningful rule name to identify this policy. You can enter up to 128 single-byte or double-byte characters.

Type: Select the signature category that best fits this intrusion, as described in the Signature Categories section.

Note: Type any additional description for the rule you are configuring.

Severity: Assign a severity level based on the seriousness of the intrusion for which you are configuring a policy. See Table 14 on page 64 for the meaning of each severity level.

Operating System: Select the target operating systems to which this intrusion applies (that is, the operating systems you want to protect from this intrusion). SGI refers to Silicon Graphics Incorporated, which manufactures multi-user Unix workstations that run the IRIX operating system (SGI's version of UNIX).

Protocol: Select the protocol (IP, ICMP, IGMP, TCP or UDP) that characterizes this intrusion type. You then fill in the corresponding protocol header fields further down in this screen. For example, if you choose IP, fill in the IP Header fields; the header fields for the other protocols are not editable.

Repetition: For the protocol selected, type how many packets of the defined type the ZyWALL must receive per second before they count as an "intrusion". Matching packets arriving below this rate do not trigger the policy, so set the threshold above the rate that legitimate traffic of this type normally reaches.

Action: Select what the ZyWALL should do when it detects packets with the attributes defined above. You can choose to drop the packet, block the connection, e-mail an alarm and/or create a log entry, in any combination.

IP Header: The next fields define the traffic flow direction, source IP address and destination IP address to which the policy applies. These fields are only editable when you select IP in the Protocol field above.

Direction: The direction of a policy rule expresses the intent of the rule.
Incoming means the policy applies to traffic coming from the WAN to the LAN.
Outgoing means the policy applies to traffic coming from the LAN to the WAN.
Bidirectional means the policy applies to traffic in either direction.
Some rules, such as blocking MSN Login, apply only to outgoing traffic, because the intent is to block outgoing attempts to log in to MSN Messenger. Similarly, other rules apply only to incoming traffic, where the intent is to act on traffic initiated from somewhere on the WAN side. Select a specific direction for a user-defined policy only if you are sure which side (WAN or LAN) the traffic that initiates the intrusion comes from; a rule configured with the wrong direction never matches. If you are unsure, select Bidirectional.
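The way the attributes above combine, as an added example that is not part of the original guide and is not ZyXEL's firmware or UI code: the model below treats a user-defined policy as (Protocol, Direction, source/destination address, Repetition, Action) and evaluates a constructed packet trace against it, counting matching packets per one-second window as the Repetition field describes. All class, field and function names are assumptions chosen to mirror the table's labels; the model also assumes that the IP Header filter applies whatever Protocol is selected and that a Protocol of "IP" matches packets of any IP protocol, which the guide does not state.

```python
# Added example (not ZyXEL's code): how the Table 20 attributes decide whether
# a user-defined IDP policy fires. Names and the packet trace are constructed.
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

LAN = "LAN"
WAN = "WAN"


@dataclass(frozen=True)
class Packet:
    ts: float        # arrival time in seconds
    proto: str       # "IP", "ICMP", "IGMP", "TCP" or "UDP"
    src: str
    dst: str
    from_zone: str   # zone the packet entered the ZyWALL from: LAN or WAN


@dataclass
class Policy:
    name: str
    protocol: str                      # Protocol field
    direction: str = "Bidirectional"   # Incoming | Outgoing | Bidirectional
    src_net: str = "0.0.0.0/0"         # IP Header: source address (any by default)
    dst_net: str = "0.0.0.0/0"         # IP Header: destination address
    repetition: int = 1                # matching packets per second = "intrusion"
    action: tuple = ("log",)           # drop / block / alarm / log, any combination


def direction_matches(policy: Policy, pkt: Packet) -> bool:
    """Incoming = WAN->LAN, Outgoing = LAN->WAN, Bidirectional = either."""
    if policy.direction == "Incoming":
        return pkt.from_zone == WAN
    if policy.direction == "Outgoing":
        return pkt.from_zone == LAN
    if policy.direction == "Bidirectional":
        return True
    raise ValueError(f"unknown direction {policy.direction!r}")


def attributes_match(policy: Policy, pkt: Packet) -> bool:
    """Every attribute must match; one mismatch and the rule is not invoked.
    Assumption: the IP Header filter applies for any Protocol, and a Protocol
    of "IP" matches packets of any IP protocol."""
    if policy.protocol != "IP" and pkt.proto != policy.protocol:
        return False
    if not direction_matches(policy, pkt):
        return False
    return (ip_address(pkt.src) in ip_network(policy.src_net)
            and ip_address(pkt.dst) in ip_network(policy.dst_net))


def evaluate(policy: Policy, packets) -> list:
    """Count matching packets per one-second window and return the windows
    (second, count) in which the count reached the Repetition threshold."""
    per_second = defaultdict(int)
    for pkt in packets:
        if attributes_match(policy, pkt):
            per_second[int(pkt.ts)] += 1
    return sorted((sec, n) for sec, n in per_second.items()
                  if n >= policy.repetition)


def actions_taken(policy: Policy, packets) -> tuple:
    """The configured actions apply only once the rule has fired."""
    return policy.action if evaluate(policy, packets) else ()


# Constructed trace: 12 ICMP packets from a WAN host to a LAN host inside the
# first second, one ICMP packet going the other way, a trickle of 3 more ICMP
# packets in the next second, and one unrelated TCP packet from the WAN.
SAMPLE_TRACE = (
    [Packet(i * 0.05, "ICMP", "203.0.113.5", "192.168.1.10", WAN) for i in range(12)]
    + [Packet(0.7, "ICMP", "192.168.1.20", "198.51.100.9", LAN)]
    + [Packet(1.0 + i * 0.2, "ICMP", "203.0.113.5", "192.168.1.10", WAN) for i in range(3)]
    + [Packet(0.3, "TCP", "203.0.113.5", "192.168.1.10", WAN)]
)

# Hypothetical policy: 10 or more inbound ICMP packets per second to the LAN.
ICMP_FLOOD = Policy("icmp-flood", protocol="ICMP", direction="Incoming",
                    dst_net="192.168.1.0/24", repetition=10,
                    action=("drop", "log"))

if __name__ == "__main__":
    print(evaluate(ICMP_FLOOD, SAMPLE_TRACE))        # [(0, 12)]
    # The same rule with the wrong direction never fires, however fast the flood.
    wrong_way = Policy("icmp-flood-out", "ICMP", "Outgoing", repetition=10)
    print(evaluate(wrong_way, SAMPLE_TRACE))         # []
    print(actions_taken(ICMP_FLOOD, SAMPLE_TRACE))   # ('drop', 'log')
```

The second call shows the caveat from the Direction row: an Outgoing rule sees only LAN-originated packets, so the WAN-side flood is invisible to it. Lowering `repetition` to 3 makes the trickle in the second window fire as well, which is why the threshold has to sit above the rate of legitimate traffic.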