
User-defined policies, 6 user-defined policies – ZyXEL Communications ZyXEL ZyWALL IDP 10 User Manual


ZyWALL IDP 10 User’s Guide


IDP Policies

Table 6-5 Update Policies

| LABEL | DESCRIPTION |
|---|---|
| Update Server | Enter the IP address or URL of the IDP policy server (from which you download the updated IDP policies). The default server at the time of writing is updateidp.zyxel.com. It is also possible to use updateidp.zyxel.com.tw. |
| Check | Click this button to have the ZyWALL verify that the connection to the specified Update Server is valid. |
| Update Now | Click this button to begin downloading policies from the Update Server immediately. |
| Auto Download & Update | Select Enable to have the ZyWALL automatically download policies from the Update Server regularly at the time and day specified below. |
| Update Schedule | This is only relevant when you select Enable in Auto Download & Update. |
| Day | Select the day(s) you want the ZyWALL to automatically download policies from the Update Server. |
| Time | Select the time you want the ZyWALL to begin automatically downloading policies from the Update Server. |
| Apply | Click this button to save your changes back to the ZyWALL. |
| Reset | Click this button to close this screen without saving any changes. |

6.6 User-defined Policies

You need some knowledge of packet header types and OSI (Open System Interconnection) to create
your own User-defined rules.

Rule ordering is important as rules are applied in turn. You can order user-defined rules as you wish.

User-defined rules are checked before pre-defined rules.

The total number of pre-defined and user-defined rules allowed on the ZyWALL is 3,000. The total
number of user-defined rules allowed is 128. You can import up to a maximum of 128 rules as long as
the total (pre-defined and user-defined) number of rules does not exceed 3,000. Therefore, if you have
2,900 pre-defined rules and 50 user-defined rules, you may only import up to an additional 50
user-defined rules. If you try to import more than this, the import will fail.

User-defined policies of the same name are allowed, as the ZyWALL uniquely identifies each
user-defined rule by assigning a (hidden) ID number; however, it is recommended that you give unique
names to identify each rule more easily.

The ZyWALL cannot check encrypted traffic such as VPN tunnel traffic. There is a log entry every
hour that shows how many encrypted packets have passed through the ZyWALL in one hour.

Click IDP from the navigation panel and then click the User-defined tab.