Simulation Mode Overview

Simulation mode is not a deployment mode, but rather an operational mode. The following sections give an overview of simulation mode:

Topology

The purpose of simulation mode is to enable you to evaluate expected results when you deploy the IDP Series device in transparent mode or sniffer mode. Therefore, in your network topology, you install and connect the IDP Series device where you intend to deploy it in transparent mode (in-path) or sniffer mode (out-of-path).

Purpose

You operate an IDP Series device in simulation mode in the following situations:

In simulation mode, when the IDP Series device receives a packet, it makes a copy. It transmits the original packet uninspected through the egress interface and enqueues the duplicate packet into the JNET driver receive queue to be processed by the IDP engine. The IDP engine inspects the traffic against your security policy rules and implicit rules, and it generates logs when rules match. The IDP engine then drops the copy of the packet. Figure 7 illustrates packet processing in simulation mode.

Figure 7: Packet Processing in Simulation Mode


Note: Because of packet queueing, when simulation mode is turned on, a few packets that are queued for processing and forwarding might be dropped. This results in retransmission depending on Layer 4 or Layer 7 behavior. When simulation mode is turned off, a few duplicate packets might be forwarded.

Configuration Overview

You use the CLI to enable or disable simulation mode. Simulation mode is disabled by default. You do not need to restart the IDP engine (idp.sh) or push a policy to enable or disable simulation mode.

Logging

In logs, the string [Simulation Mode] appears in the Details column, along with the details of the event. Figure 8 shows a simulation mode log in the NSM log viewer. You can use NSM log and report filters to create log views and reports that filter for (or filter out) simulation mode logs.

Figure 8: NSM Log Viewer: Simulation Mode Logs
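The same filtering can be done offline on exported logs to see which rule matches would have interrupted traffic had the device been in-path. The following is an added example, not code from the product documentation; the CSV layout, column names, attack names, and action values are constructed assumptions, and only the [Simulation Mode] marker in the Details column comes from this page.

```python
import csv
import io
from collections import Counter

MARKER = "[Simulation Mode]"  # string this page says appears in the Details column

# Constructed sample export. Column names, attack names and action values are
# assumptions made for this example, not a documented NSM export format.
SAMPLE_EXPORT = """\
time,src,dst,attack,action,details
2024-01-10 09:00:01,10.0.0.5,192.0.2.10,EXAMPLE-SIG-A,drop,"[Simulation Mode] rule 4, first match"
2024-01-10 09:00:07,10.0.0.5,192.0.2.10,EXAMPLE-SIG-A,drop,[Simulation Mode] rule 4
2024-01-10 09:01:30,10.0.0.9,192.0.2.20,EXAMPLE-SIG-B,none,[Simulation Mode] rule 7
2024-01-10 09:02:11,10.0.0.7,192.0.2.10,EXAMPLE-SIG-C,close,[Simulation Mode] rule 2
2024-01-09 17:45:00,10.0.0.3,192.0.2.30,EXAMPLE-SIG-A,drop,rule 4
"""


def split_logs(export_text):
    """Return (simulated, enforced) lists of row dicts from a CSV export."""
    simulated, enforced = [], []
    for row in csv.DictReader(io.StringIO(export_text)):
        details = row.get("details") or ""
        if MARKER in details:
            # Keep the event details, minus the marker, for later review.
            row["details"] = details.replace(MARKER, "").strip()
            simulated.append(row)
        else:
            enforced.append(row)
    return simulated, enforced


def would_be_blocked(simulated, blocking_actions=("drop", "close")):
    """Count simulated matches per (attack, destination) whose rule action
    is assumed to interrupt traffic once the device is deployed in-path."""
    counts = Counter()
    for row in simulated:
        if row["action"].lower() in blocking_actions:
            counts[(row["attack"], row["dst"])] += 1
    return counts


if __name__ == "__main__":
    sim, enf = split_logs(SAMPLE_EXPORT)
    print(f"{len(sim)} simulation-mode logs, {len(enf)} other logs")
    for (attack, dst), n in would_be_blocked(sim).most_common():
        print(f"{n:3d}  {attack} -> {dst}")
```

Destinations that appear in the output are the services to check for false positives before switching from simulation mode to transparent mode.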

