ZyXEL Communications ZyXEL ZyWALL 35 Technical Information

ZyWALL IDP 10 Intrusion Detection Prevention Appliance Support Notes Version 1.0 Aug 2004

IDP Support Notes 10 Register ZyWALL IDP ZyWALL IDP comes with a “pre-defined” policy set which requires subscription and can be update at regu

IDP Support Notes 112. Go to ZyXEL Communications online services center. http://www.myZyXEL.com. 3. In case you haven't got an account on

IDP Support Notes 12 5. Press add button to add the ZyWALL IDP you have. 6. In this step you need to enter Serial Number, Authentication Code

IDP Support Notes 13 7. Input the date you purchase the product, and the purpose of the buying. 8. You would get a successful message. Then pr

IDP Support Notes 14 9. From ZyWALL IDP’s Applicable Service List, you will have a service "IDP Signature Update" available. Click Act

IDP Support Notes 15 11. After clicking Submit button, you will get an “Activation Key” and “Service Set Key”. An email with these keys will be

IDP Support Notes 16 Firmware Upgrade 1. Under Maintenance you can find F/W Upload tab. Click browse to select firmware file (.bin) and click

IDP Support Notes 17 Signature Update *Make sure you have registered your ZyWALL IDP before you do the signature update. To update pre-defined

IDP Support Notes 18 Configure User Defined Policy In this example, we describe the procedure of using user defined policy. We take eMule appli

IDP Support Notes 19 4. Start ethereal packet capturing. 5. Initiate eMule connection from the internal PC, be sure to reduce unnecessary tra

IDP Support Notes 2INDEX Application Notes...

IDP Support Notes 20 8. Count the TCP offset and the length of “http://emule-prjoect.net” 9. Create User-defined policy in IDP. Login to IDP’s

IDP Support Notes 21 After click Apply button, we get the summary of the user defined policy. All contents copyright (c) 2004 ZyXEL Communication

IDP Support Notes 22 All contents copyright (c) 2004 ZyXEL Communications Corporation.

IDP Support Notes 23IDP FAQ What is HIDS? Host intrusion detection systems are intrusion detection systems that are installed locally on host m

IDP Support Notes 24Is IDP able to investigate VPN traffic? No, VPN traffics are encrypted, IDP is not able to decrypted VPN traffics, and thus

IDP Support Notes 25crash? ZyWall IDP 10 does not support hardware bypass, so if your ZyWALL IDP 10 lost power or crashed, you will need to eith

IDP Support Notes 269600bps baud rate N81 data format (No Parity, 8 data bits, 1 stop bit) The baud rate of IDP10 is unchangeable. How to tr

IDP Support Notes 27 When should I use VLAN Tag function? Virtual LAN, a groups of network devices (PC, router, etc…) that behave as if they ar

IDP Support Notes 28 Select Maintenance from the menu, and click Restart Tab Click Restart button to restart your ZyWALL IDP. It may take few

IDP Support Notes 29 What does "Stealth" mean, why should I need it? When you enable Stealth mode on an interface (WAN/LAN/MGMT), it

IDP Support Notes 3Why can’t I input mail server address by domain name?...32 What’s “Drop”

IDP Support Notes 30 What's Pre-defined signature? Pre-defined signatures are signatures created by ZyXEL Security Response Team (ZSRT). Th

IDP Support Notes 31 And you should make sure your ZyWALL IDP 10 has updated policy to the latest version. Go to WEB InterfaceÆHome. I can’t

IDP Support Notes 32stealth mode on WAN (or LAN) interface. Additionally, since ZyWALL IDP10 downloads the latest policies periodically from the

IDP Support Notes 33 What’s “Drop” and “Block Connection” for Action of User Defined Policy? Action of “Drop”, will drop the traffic that matche

IDP Support Notes 34created to check Outgoing direction, it is applied on LAN interface. While a policy is set Bi-directional, it is applied on b

IDP Support Notes 35 If the IDP is placed on the entry point of a Wireless LAN network, we recommend you to apply policy check on the WAN interfa

IDP Support Notes 36 What’s the priority among Pre-defined policy and User-defined policy? The User-defined policies are always checked before t

IDP Support Notes 37 Step4. Search this policy by the Policy ID in IDP>>Pre-defined>>Policy Search. Step5. Under the search resul

IDP Support Notes 38 Step6. Switch your IDP back to Inline state and activate them by clicking Apply. Then try to run the application again. S

IDP Support Notes 39 Step8. If it was still unable to run then please repeat step 3, 4, 5 until identify and correct this False Positives po

IDP Support Notes 4Application Notes Deploy IDP IDP functions as a plug and play bridge device filtering malicious traffic from attacking your n

IDP Support Notes 40 stateful <ON/OFF> Enable/disable TCP state check integrity <ON/OFF> Setup TCP idle

IDP Support Notes 41 off Disable remote SSH access acl <ip address> Setup access control list ip address

IDP Support Notes 42Debug mode CLI Command Command Description set system ip <ip> Setup device temporary ip address in the debug

IDP Support Notes 5Servers/PC 192.168.2.5-10 LAN1: 192.168.1.5-50 LAN2: 192.168.1.51-100 WLAN: 192.168.1.101-130 Data Center: 192.168.1.131-14

IDP Support Notes 6Setup IP address of IDP (A, B, C, D, E, F) 1. Configure each IDP device’s IP address. Since IDP is a bridge device, it only h

IDP Support Notes 71. Connect one PC to IDP’s management port by crossed Ethernet cable. Make sure MGMT port light is on. 2. Go to Start->

IDP Support Notes 8 5. Go to SYSTEM->General->Device, input IDP (A,)’s IP address, subnet mask, default gateway, DNS server’s IP address.

IDP Support Notes 9 Connect the MGMT/LAN/WAN ports of all IDP devices to the network according to the deployment topology (192.168.1.0/24). Logi