Filter
Top Products
Chapter 22 IDP Commands
ZyWALL (ZLD) CLI Reference Guide
188
22.3.4.1 Creating an Anomaly Profile Example
In this example we create a profile named “test”, configure some settings, display them, and then
return to global command mode.
22.3.5 Editing System Protect
Use these commands to edit the system protect profiles.
22.3.6 Signature Search
Use this command to search for signatures in the named profile.
Router# configure terminal
Router(config)# idp anomaly test
Router(config-idp-anomaly-profile-test)# tcp-decoder oversize-offset action drop
Router(config-idp-anomaly-profile-test)# tcp-decoder oversize-offset log alert
Router(config-idp-anomaly-profile-test)# tcp-decoder oversize-offset activate
Router(config-idp-anomaly-profile-test)# no tcp-decoder oversize-offset activate
Router(config-idp-anomaly-profile-test)# exit
Router(config)# show idp anomaly test tcp-decoder oversize-offset details
message: (tcp_decoder) OVERSIZE-OFFSET ATTACK
keyword: tcp-decoder oversize-offset
activate: no
action: drop
log: log alert
Router(config)#
Table 104 Editing System Protect Profiles
COMMAND DESCRIPTION
idp system-protect Configure the system protect profile. Enters sub-command mode.
All the following commands relate to the new profile. Use
exit to
quit sub-command mode.
[no] signature sid activate Activates or deactivates an IDP signature.
signature sid log [alert] Sets log or alert options for an IDP signature
no signature sid log Deactivates log options for an IDP signature
signature sid action {drop | reject-
sender | reject-receiver | reject-both}
Sets an action for an IDP signature
no signature SID action Deactivates an action for an IDP signature.
show idp system-protect all details Displays the system protect profile details.