Table 250 describes the available options for the IDP Sensor configuration page.

Table 250: Configuring IDP Sensor

Field | Function | Action |
---|---|---|
Basic | Select Basic and click Edit and update the following fields. | |
IPS | ||
Minimum Log Supercade | Specifies the minimum number of logs to trigger the signature hierarchy feature. | Enter an integer. |
LOG | ||
Cache Size | Specifies the size of the cache memory (MB) where IDP stores log records. | Enter an integer. |
Disable Suppression | Specifies whether log suppression is disabled. | Click the check box. |
Include Destination Address | Specifies to combine log records for events with a matching source address. | Select an option from the list. |
Max Logs Operate | Specifies the maximum number of logs on which log suppression can operate. IDP can operate on 16,384 log records by default. | Enter an integer. |
Max Time Report | Specifies the time (seconds) after which suppressed logs will be reported. IDP reports suppressed logs after 5 seconds by default. | Enter an integer. |
Start Log | Specifies the number of log occurrences after which log suppression begins. Log suppression begins with the first occurrence by default. | Enter an integer. |
Reassembler | ||
Ignore Memory Overflow | Specifies whether per-flow memory is allowed to exceed its limit. | Select an option from the list. |
Ignore Reassembly Memory Overflow | Specifies whether per-flow reassembly memory is allowed to exceed its limit. | Select an option from the list. |
Max Flow Memory | Specifies the maximum per-flow memory for TCP reassembly in kilobytes. | Enter an integer. |
Max Packet Memory | Specifies the maximum packet memory for TCP reassembly in kilobytes. | Enter an integer. |
Advanced | Select Advanced and click Edit and update the following fields. | |
IDP Flow | ||
Allow ICMP Without Flow | Specifies whether ICMP is allowed without flow. | Select an option from the list. |
Log Errors | Specifies whether flow errors are logged. | Select an option from the list. |
Flow FIFO Max Size | Specifies the maximum FIFO size. The default value is 1. | Enter a value. |
Hash Table Size | Specifies the hash table size. The default value is 1024. | Enter a value. |
Max Timers Poll Ticks | Specifies the maximum amount of time at which the timer ticks at a regular interval. | Enter a value. |
Reject Timeout | Specifies the amount of time in milliseconds within which a response must be received. | Enter a value. |
UDP Anticipated Timeout | Specifies the amount of time in milliseconds within which a UDP response must be received. | Enter a value. |
Global | ||
Enable All Qmodules | Specifies whether all the qmodules of the global rulebase IDP security policy are enabled. | Select an option from the list. |
Enable Packet Pool | Specifies whether the packet pool is enabled for use when the current pool is exhausted. | Select an option from the list. |
Policy Lookup Cache | Specifies whether the cache is enabled to accelerate IDP policy lookup. | Select an option from the list. |
GTP Decapsulation | Specifies whether GPRS tunneling protocol (GTP) packets are decapsulated. | Select an option from the list. |
Memory Limit Percent | Specifies the percentage of available memory to which IDP memory usage is limited. | Enter a value. |
IPS | ||
Detect Shellcode | Specifies whether shellcode detection is applied. | Select an option from the list. |
Ignore Regular Expression | Specifies whether the sensor bypasses DFA and PCRE matching. | Select an option from the list. |
Process Ignore Server-to-Client | Specifies whether the sensor bypasses IPS processing for server-to-client flows. | Select an option from the list. |
Process Override | Specifies whether the sensor executes protocol decoders even without an IDP policy. | Select an option from the list. |
Process Port | Specifies a port on which the sensor executes protocol decoders. | Enter an integer. |
IPS FIFO Max Size | Specifies the maximum allocated size of the IPS FIFO. | Enter an integer. |
Detector | Click Detector and click Add or Edit and update the following fields. | |
Protocol | Specifies the name of the protocol to enable or disable the detector. | Select the name of the protocol from the list. |
Tunable Name | Specifies the name of the tunable parameter to enable or disable the protocol detector for each of the services. | Select the name of the specific tunable parameter from the list. |
Tunable Value | Specifies the value of the tunable parameter to enable or disable the protocol detector for each of the services. | Enter the protocol value of the specific tunable parameter. |

Table 251 describes the available options for the IDP Sensor configuration page.

Table 251: Configuring IDP Sensor Detector

Field | Function | Action |
---|---|---|
Detector | ||
Add | Adds the detector configuration. | Click Detector and click Add on the task bar. Update the Detector configuration fields as provided in Table 250. |
Edit | Updates the existing detector configuration. | Click Detector. Select an existing Detector configuration and click Edit on the task bar. Update the Detector configuration fields as provided in Table 250 for configuring Detector. |
Delete | Deletes the existing detector configuration. | Click Detector and click Delete on the task bar. |