4 configuring idp signatures, Figure 114 signature actions, Table 79 signature actions – ZyXEL Communications Internet Security Appliance ZyWALL5UTM 4.0 User Manual
Page 245
ZyWALL 5/35/70 Series User’s Guide
245
Chapter 13 Configuring IDP
Figure 114 Signature Actions
The following table describes signature actions.
Table 79 Signature Actions
ACTION
DESCRIPTION
No Action
The intrusion is detected but no action is taken.
Drop Packet
The packet is silently discarded.
Drop Session
When the firewall is enabled, subsequent TCP/IP packets belonging to the
same connection are dropped. Neither sender nor receiver are sent TCP RST
packets. If the firewall is not enabled only the packet that matched the signature
is dropped.
Reset Sender
When the firewall is enabled, the TCP/IP connection is silently torn down. Just
the sender is sent TCP RST packets. If the firewall is not enabled only the
packet that matched the signature is dropped.
Reset Receiver
When the firewall is enabled, the TCP/IP connection is silently torn down. Just
the receiver is sent TCP RST packets. If the firewall is not enabled only the
packet that matched the signature is dropped.
Reset Both
When the firewall is enabled, the TCP/IP connection is silently torn down. Both
sender and receiver are sent TCP RST packets. If the firewall is not enabled
only the packet that matched the signature is dropped.
13.3.4 Configuring IDP Signatures
Click IDP in the navigation panel and then click the Signatures tab to see the ZyWALL’s
“group view” signature screen where you can view signatures by attack type. To search for
signatures based on other criteria such as signature name or ID, then click the Switch to query
view link to go to the “query view” screen.
You can take actions on these signatures as described in
. To revert
to the default actions or to save sets of actions, go to the Backup & Restore screen.