Configuring the Zone-based Defense Policy

After you create a Zone, configure a defense policy specifically for the Zone so that attack traffic can be blocked. When the Zone identifies abnormal traffic or is under attack, you can refer to the defense status information on the Versatile Security Manager (VSM) graphical user interface (GUI) to handle anomalies or attacks.

Choose Defense > Policy Settings > Zone. On the page that is displayed, you can manage the defense policies of the Zone. For details, see Table 1 and Table 2.

Table 1 Managing the defense policies of the Zone
Action Description

Configure defense policies

Click of the Zone. For details, see Configuring a Filter and Configuring the Zone-based Defense Policy.

Deploy

Policies configured for a Zone take effect only after they are deployed on associated devices.

Select the check box of a Zone and click . For details, see Deploying the Defense Policy.

Undeploy

Remove the policy configurations of a Zone from associated devices, but keep the configurations on the ATIC Management center.

Select the check box of a Zone and click .

Handle anomalies or attack events

When a Zone identifies abnormal traffic or is under attack, Status is Abnormal or Attacked. Click the state value in the Status column of the Zone and perform appropriate operations. For details, see Handling Abnormal Events.

Table 2 Parameters of Zone policies
Parameter Description

Zone

Indicates the Zone name defined when you create the Zone. For details, see Adding a Zone.

Type

Indicates the type of Zone.

Device Name

Indicates the detecting or cleaning device that provides anti-DDoS services for the Zone.

Baseline Learning

Indicates the state of the Zone-associated devices that perform baseline learning on traffic.

Click the state value to configure the baseline learning task or view baseline learning results. For details, see Configuring the Baseline Learning.

Operation Status

Indicates the state of Zone traffic.

  • Normal: The Zone traffic is normal or the Zone is not associated with any AntiDDoS.
  • Abnormal: The Zone traffic does not comply with the normal model. That is, the traffic exceeds the threshold specified in the defense policy.
  • Attacked: After traffic anomalies are detected on the cleaning device and the defense mechanism is enabled, the cleaning device starts to discard packets and the packet drop probability is higher than the specified value.

If Operation Status of the Zone is Abnormal or Attacked, and Defense Status is Not defended or Part Defended, click the state value in the Operation Status column. You can view the abnormal events and handle them. For details, see Handling Abnormal Events.

Defense Status

Indicates how the cleaning device is processing abnormal or attack traffic for the Zone.

  • --: The Zone traffic is normal and no defense mechanism is required.

  • Automatically Defended: The defense mechanism is automatically enabled for abnormal traffic.

  • Not defended: The Zone traffic is abnormal, but the defense mechanism is not enabled for abnormal traffic. You need to manually enable the defense mechanism.

  • Part Defended: The defense mechanism is manually enabled for part of abnormal traffic.

  • Defended: The defense mechanism is manually enabled for all abnormal traffic.

If Operation Status of the Zone is Abnormal or Attacked, and Defense Status is Not defended or Part Defended, click the state value in the Operation Status column. You can view the abnormal events and handle them. For details, see Handling Abnormal Events.

Diversion Status

NOTE:
The NFA2000V does not support .

Determines whether Zone traffic is diverted to the cleaning device.

  • In diverting: All traffic diversion tasks in the Zone are enabled.
  • Partial Diversion: The Zone has multiple traffic diversion tasks. Some tasks are enabled, and some tasks are not enabled.
  • Not diverted: The Zone has no traffic diversion tasks, or all traffic diversion tasks in the Zone are disabled.
  • Confirmed Divert: When the device reports detected abnormal traffic to the ATIC, the ATIC generates traffic diversion tasks. After being confirmed by the administrator, the traffic diversion tasks will be delivered to the cleaning device.

On an anti-DDoS network in off-line deployment, when one of the following states occurs, click the corresponding Diversion Status value and check on the Traffic Diversion Task List tab page whether a traffic diversion task has been created for the Zone or whether the traffic diversion task is enabled. For details, see Configuring BGP Traffic Diversion (ATIC).

  • The Diversion Status of the Zone is Not diverted and the Zone state is Abnormal.
  • The Diversion Status of the Zone is Partial Diversion and the Zone state is Abnormal.
  • The Diversion Status of the Zone is Confirmed Divert and the Zone state is Normal.

Deployment Status

Indicates whether the Zone policy is deployed on devices. The value can be Notdeployed, Succeed, Part Deployed, or Failed.

If Deployment Status is Failed, click Failed to view details on policy deployment and undeployment on the Zone-associated devices.

If Deployment Status is Part Deployed, click Part Deployed to view the new policies that are not deployed on the Zone-associated devices.
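
The status combinations in Table 2 that call for operator action can be checked mechanically. The following is an added example, not vendor code: the row layout is an assumption (this page does not describe an ATIC export format), "Zone state" is taken to mean Operation Status, and mapping Notdeployed to a deploy action is inferred from the Deploy row of Table 1.

```python
# Added example, not vendor code. Row keys are assumed; status strings are
# the values listed in Table 2.
VALID = {
    "operation": {"Normal", "Abnormal", "Attacked"},
    "defense": {"--", "Automatically Defended", "Not defended",
                "Part Defended", "Defended"},
    "diversion": {"In diverting", "Partial Diversion", "Not diverted",
                  "Confirmed Divert"},
    "deployment": {"Notdeployed", "Succeed", "Part Deployed", "Failed"},
}

def triage(row, offline_deployment=True):
    """Return the follow-up actions Table 2 prescribes for one Zone row."""
    for field, allowed in VALID.items():
        if row.get(field) not in allowed:
            # Fail loudly: an unrecognised state must not pass as healthy.
            raise ValueError(f"{row.get('zone')}: unknown {field} {row.get(field)!r}")
    op, actions = row["operation"], []
    if op in {"Abnormal", "Attacked"} and row["defense"] in {"Not defended", "Part Defended"}:
        actions.append("handle abnormal events")
    if offline_deployment and (
        (op == "Abnormal" and row["diversion"] in {"Not diverted", "Partial Diversion"})
        or (op == "Normal" and row["diversion"] == "Confirmed Divert")
    ):
        actions.append("check traffic diversion tasks")
    if row["deployment"] == "Failed":
        actions.append("view deployment failure details")
    elif row["deployment"] == "Part Deployed":
        actions.append("view undeployed policies")
    elif row["deployment"] == "Notdeployed":
        actions.append("deploy policy")  # policies take effect only once deployed
    return actions

def worklist(rows, offline_deployment=True):
    """Map Zone name -> actions, omitting Zones that need nothing."""
    pending = ((r["zone"], triage(r, offline_deployment)) for r in rows)
    return {zone: actions for zone, actions in pending if actions}

# Constructed sample rows (hypothetical Zone names, not real data).
FIELDS = ("zone", "operation", "defense", "diversion", "deployment")
SAMPLE = [dict(zip(FIELDS, r)) for r in (
    ("web", "Attacked", "Part Defended", "In diverting", "Succeed"),
    ("dns", "Abnormal", "Not defended", "Not diverted", "Part Deployed"),
    ("mail", "Normal", "--", "Confirmed Divert", "Notdeployed"),
    ("intranet", "Normal", "--", "Not diverted", "Succeed"),
)]

if __name__ == "__main__":
    for zone, actions in worklist(SAMPLE).items():
        print(f"{zone}: {', '.join(actions)}")
```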


Copyright © Huawei Technologies Co., Ltd.