Chapter 22 ADP
NXC5200 User’s Guide
345
22.3.4 Protocol Anomaly Profiles
Protocol anomaly is the third screen in an ADP profile. Protocol anomaly (PA) rules
check for protocol compliance against the relevant RFC (Request for Comments).
Protocol anomaly detection includes HTTP Inspection, TCP Decoder, UDP Decoder,
and ICMP Decoder where each category reflects the packet type inspected.
Protocol anomaly rules may be updated when you upload new firmware.
22.3.5 Protocol Anomaly Configuration
In the Configuration > Anti-X > ADP > Profile screen, click the Edit icon or
click the Add icon and choose a base profile, then select the Protocol Anomaly
tab. If you made changes to other screens belonging to this profile, make sure you
have clicked OK or Save to save the changes before selecting the Protocol
Anomaly tab.
Log
These are the log options. To edit this, select an item and use the Log
icon.
Action
This is the action the NXC should take when a packet matches a rule. To
edit this, select an item and use the Action icon.
Threshold
For flood detection you can set the number of detected flood packets per
second that causes the NXC to take the configured action.
OK
Click OK to save your settings to the NXC, complete the profile and
return to the profile summary page.
Cancel
Click Cancel to return to the profile summary page without saving any
changes.
Save
Click Save to save the configuration to the NXC but remain in the same
page. You may then go to the another profile screen (tab) in order to
complete the profile. Click OK in the final profile screen to complete the
profile.
Table 126
Add/Edit Profile > Traffic Anomaly (continued)
LABEL
DESCRIPTION