ZyXEL Communications 91-009-073003B Router User Manual


 
Chapter 30 IDP
ZyWALL USG 50 User’s Guide
489
Table 145 Configuration > Anti-X > IDP > Profile > Group View (continued)

LABEL: DESCRIPTION

Action: To edit what action the ZyWALL takes when a packet matches a signature, select the signature and use the Action icon.

  none: Select this action on an individual signature or a complete service group to have the ZyWALL take no action when a packet matches the signature(s).

  drop: Select this action on an individual signature or a complete service group to have the ZyWALL silently drop a packet that matches the signature(s). Neither sender nor receiver is notified.

  reject-sender: Select this action on an individual signature or a complete service group to have the ZyWALL send a reset to the sender when a packet matches the signature. If it is a TCP attack packet, the ZyWALL will send a packet with a ‘RST’ flag. If it is an ICMP or UDP attack packet, the ZyWALL will send an ICMP unreachable packet.

  reject-receiver: Select this action on an individual signature or a complete service group to have the ZyWALL send a reset to the receiver when a packet matches the signature. If it is a TCP attack packet, the ZyWALL will send a packet with a ‘RST’ flag. If it is an ICMP or UDP attack packet, the ZyWALL will do nothing.

  reject-both: Select this action on an individual signature or a complete service group to have the ZyWALL send a reset to both the sender and receiver when a packet matches the signature. If it is a TCP attack packet, the ZyWALL will send a packet with a ‘RST’ flag to the receiver and sender. If it is an ICMP or UDP attack packet, the ZyWALL will send an ICMP unreachable packet.

#: This is the entry’s index number in the list.

Status: The activate (light bulb) icon is lit when the entry is active and dimmed when the entry is inactive.

Service: Click the + sign next to a service group to expand it. A service group is a group of related IDP signatures.

Message: This is the name of the signature.

SID: This is the signature ID (identification) number that uniquely identifies a ZyWALL signature.

Severity: These are the severities as defined in the ZyWALL. The number in brackets is the number you use if using commands.

  Severe (5): These denote attacks that try to run arbitrary code or gain system privileges.

  High (4): These denote known serious vulnerabilities or attacks that are probably not false alarms.

  Medium (3): These denote medium threats, access control attacks or attacks that could be false alarms.

  Low (2): These denote mild threats or attacks that could be false alarms.

  Very Low (1): These denote possible attacks caused by traffic such as Ping, trace route, ICMP queries, etc.

Policy Type: This is the attack type as defined on the ZyWALL. See Table 146 on page 490 for a description of each type.
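
The action and severity semantics described in this table, expressed as a small audit over a profile listing. This is an added example, not ZyXEL code: the row fields (`proto`, `active`), the SIDs and the `min_severity` threshold are assumptions chosen for illustration, and `proto` is not a column of the Group View screen.

```python
# Added example: constructed rows; 'proto' and 'active' field names are assumptions.
SEVERITY = {"severe": 5, "high": 4, "medium": 3, "low": 2, "very low": 1}
ACTIONS = {"none", "drop", "reject-sender", "reject-receiver", "reject-both"}

def response(action, proto):
    """What the ZyWALL emits on a signature match, per the Action descriptions."""
    proto = proto.lower()
    if action not in ACTIONS or proto not in {"tcp", "udp", "icmp"}:
        raise ValueError(f"unsupported action/protocol: {action!r}/{proto!r}")
    tcp = proto == "tcp"
    if action == "none":
        return "no action"
    if action == "drop":
        return "silent drop"
    if action == "reject-receiver":
        return "TCP RST to receiver" if tcp else "nothing"
    if action == "reject-sender":
        return "TCP RST to sender" if tcp else "ICMP unreachable"
    return "TCP RST to sender and receiver" if tcp else "ICMP unreachable"

def audit(rows, min_severity=4):
    """Return (sid, finding) pairs for entries worth a second look."""
    findings = []
    for row in rows:
        sev = SEVERITY[row["severity"].lower()]
        if not row["active"]:
            if sev >= min_severity:
                findings.append((row["sid"], "inactive"))
            continue  # inactive entries are not evaluated further here
        out = response(row["action"], row["proto"])
        if sev >= min_severity and out == "no action":
            findings.append((row["sid"], "no action on match"))
        elif out == "nothing":
            findings.append((row["sid"], "reject-receiver is a no-op for UDP/ICMP"))
    return findings

# Constructed sample profile (SIDs are placeholders, not real ZyWALL signature IDs).
SAMPLE = [
    {"sid": 1, "severity": "Severe", "proto": "tcp", "action": "reject-both", "active": True},
    {"sid": 2, "severity": "High", "proto": "tcp", "action": "none", "active": True},
    {"sid": 3, "severity": "Medium", "proto": "udp", "action": "reject-receiver", "active": True},
    {"sid": 4, "severity": "Severe", "proto": "udp", "action": "drop", "active": False},
    {"sid": 5, "severity": "Very Low", "proto": "icmp", "action": "none", "active": True},
]

if __name__ == "__main__":
    for sid, finding in audit(SAMPLE):
        print(f"SID {sid}: {finding}")
```

The third finding type reflects the reject-receiver description: for ICMP or UDP attack packets the ZyWALL does nothing, so the action only has an effect on TCP signatures.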