
ZyXEL Communications ZyXEL ZyWALL IDP 10 User Manual


ZyWALL IDP 10 User's Guide, IDP Policies, page 6-25

Table 6-7 Configuring a User-defined IDP Policy

LABEL: DESCRIPTION

Attributions: The "attributions" define the characteristics of the intrusion for which you're configuring a policy. A traffic flow must match your operating system selection, your protocol definition and your repetition (Frequency) designation before your rule is invoked.

Name: Type a meaningful rule name to identify this policy. You can enter up to 128 single-byte or double-byte characters.

Type: Select an appropriate signature category as described in section 6.3.

Note: Type an additional description for the rule you're configuring.

Target: Select the target operating systems to which the intrusion for which you're configuring a policy applies (that is, the operating systems you want to protect from this intrusion). SGI refers to Silicon Graphics Incorporated, which manufactures multi-user Unix workstations that run the IRIX operating system (SGI's version of UNIX).

Protocol: Select the protocol (IP, ICMP, IGMP, TCP or UDP) that characterizes this intrusion type. You then fill in the corresponding protocol header information further below in this screen. For example, if you choose IP, fill in the corresponding IP Header fields (the other header fields will not be editable).

Severity: Assign a severity level based on the seriousness of the intrusion for which you're configuring a policy. See Table 6-1 as a reference on policy severity.

Frequency: For the protocol defined, type how many packets of the defined type, received on the ZyWALL per second, constitute an "intrusion".

Action: Select what the ZyWALL should do in response to detecting packets with the attributes defined above. You can choose to drop the packet, block the connection, e-mail an alarm and/or create a log.

IP Header: The next fields define the traffic flow direction, source IP address and destination IP address to which the policy applies. These fields are only editable when you select IP from the Protocol field above.

Direction: A policy rule's direction refers to the intent of the policy rule.
- Incoming means the policy applies to traffic coming from the WAN to the LAN.
- Outgoing means the policy applies to traffic coming from the LAN to the WAN.
- Bidirectional means the policy applies to traffic in either direction.
Some rules, such as blocking MSN Login, would only apply to outgoing traffic, as the intent is to block outgoing attempts to log into MSN Messenger. Similarly, other rules would only apply to incoming traffic, where the intent is to take an action on traffic initiated from somewhere on the WAN side. Select a direction for user-defined policies if you are clear about which direction of initiating traffic (from somewhere on the WAN or somewhere on the LAN) the policy action should apply to; if you're unsure, select Bidirectional.
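As an added illustration (not code from the ZyXEL manual or firmware), the following Python models how the Protocol, Direction, Frequency and Action attributes in Table 6-7 combine to decide when a user-defined policy fires. The one-second bucketing, the inclusive threshold, the zone names and the sample packets are all constructed assumptions.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass
class IdpPolicy:
    """Subset of the Table 6-7 attributes needed to decide whether traffic triggers the rule."""
    name: str
    protocol: str      # IP, ICMP, IGMP, TCP or UDP
    direction: str     # Incoming, Outgoing or Bidirectional
    frequency: int     # packets per second that constitute an intrusion
    action: tuple      # any of: drop, block, alarm, log


def packet_direction(src_zone, dst_zone):
    """Map a packet's zones to the manual's terms (WAN->LAN = Incoming, LAN->WAN = Outgoing)."""
    if src_zone == "WAN" and dst_zone == "LAN":
        return "Incoming"
    if src_zone == "LAN" and dst_zone == "WAN":
        return "Outgoing"
    return None  # e.g. LAN->LAN: matched by no policy direction


def matches(policy, pkt):
    """Protocol and direction must both match before a packet counts toward the frequency."""
    if pkt["proto"] != policy.protocol:
        return False
    d = packet_direction(pkt["src_zone"], pkt["dst_zone"])
    return d is not None and policy.direction in (d, "Bidirectional")


def evaluate(policy, packets):
    """Count matching packets in one-second buckets; a bucket reaching the Frequency
    threshold is an intrusion. Returns [(second, count, actions)].
    Assumption (not stated in the manual): the threshold comparison is inclusive (>=)."""
    per_second = Counter(int(p["t"]) for p in packets if matches(policy, p))
    return [(sec, n, list(policy.action))
            for sec, n in sorted(per_second.items()) if n >= policy.frequency]


# Constructed sample traffic (timestamps in seconds): 12 IP packets WAN->LAN in
# second 0, 3 in second 1, then 20 IP packets LAN->WAN in second 2.
SAMPLE_PACKETS = (
    [{"t": i / 12, "proto": "IP", "src_zone": "WAN", "dst_zone": "LAN"} for i in range(12)]
    + [{"t": 1 + i / 3, "proto": "IP", "src_zone": "WAN", "dst_zone": "LAN"} for i in range(3)]
    + [{"t": 2 + i / 20, "proto": "IP", "src_zone": "LAN", "dst_zone": "WAN"} for i in range(20)]
)

FLOOD_IN = IdpPolicy("ip-flood-in", "IP", "Incoming", 10, ("drop", "log"))
FLOOD_BOTH = IdpPolicy("ip-flood-both", "IP", "Bidirectional", 10, ("alarm",))

if __name__ == "__main__":
    print(evaluate(FLOOD_IN, SAMPLE_PACKETS))    # only second 0 trips the Incoming rule
    print(evaluate(FLOOD_BOTH, SAMPLE_PACKETS))  # seconds 0 and 2 trip the Bidirectional rule
```

Second 1 never fires because its 3 packets stay under the Frequency of 10, and the outgoing burst in second 2 is ignored by the Incoming rule but caught by the Bidirectional one.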