ZyXEL Communications ZyXEL ZyWALL IDP 10 User Manual

Page 61

ZyWALL IDP 10 User’s Guide

IDP Policies

6-15

Table 6-3 Selecting Pre-defined Policies

LABEL

DESCRIPTION

Pre-defined Policy Group Setting

Modify

Click this button to display a screen where you can batch enable or disable policy types
based on severity and/or target operating system. You can also batch enable or disable
peer-to-peer, instant messaging and spam signature categories.

Pre-defined Policy

Policy Search

You can search for policies based on policy name or ID number. Select By Name or By
Policy ID from the drop-down list box, enter a (partial) name or a complete, exact ID
number in the text box and then click Search. The name entered in the text box is not
case sensitive.

After a search is performed, click IDP in the navigation panel to display all policies again.

Policy Query

Alternatively, you can search for policies based on a combination of signature category
(policy type), severity and/or attack target operating system. Hold the <CTRL> key to
select multiple items and then click Query. After a search is performed, click IDP in the
navigation panel to display all policies again.

By Type

Select one item or hold the <CTRL> key to select multiple items. See section 6.3 for
more information on signature categories.

AND/OR

Logical AND means that all criteria must be fulfilled before a match is deemed found.
Logical OR means that at least one of the criteria must be fulfilled before a match is
deemed found.

By Severity

Select one item or hold the <CTRL> key to select multiple items. See Table 6-1 for more
information on policy severity.

By Operating System

This search category finds policies intended to protect specific operating systems,
where the intrusion targets a weakness in that operating system.
Select one item or hold the <CTRL> key to select multiple items.

|<Prev Next >|

Use these buttons to navigate between the first, previous, next and last pages of the
downloaded pre-defined policies.

#

This is the pre-defined policy index number. Pre-defined rules have already been
ordered for you and cannot be re-ordered.

Enable

Clear this checkbox to have the ZyWALL skip this rule when detecting intrusions. You
can enable or disable individual policies here or enable/disable a batch of policies using
the screen that appears after you click Modify.

Alarm

An alarm is an action (an e-mail is sent) taken when a packet matches a rule.
Alarm e-mails are not sent instantly but at periodic intervals
(minimum five minutes).

Select this checkbox to enable the alarm action. For other actions, select from the
Action drop-down list box.

Type

This field refers to the signature category as described in section 6.3.

Name

The (read-only) policy name identifies a specific signature targeted at a specific
intrusion.
