Sensor Configuration Page Options
- Select Configure>Security>IDP>Sensor in the
J-Web user interface.
The Sensor configuration page appears. explains the contents of this page.
- Click one:
- Add—Adds the detector configuration. Enter information as specified in Table 82.
- Edit—Updates the existing the detector configuration.
- Delete— Deletes the existing the detector configuration
- Click one:
- OK—Saves the configuration and returns to the main configuration page.
- Commit Options>Commit—Commits the configuration and returns to the main configuration page.
- Cancel—Cancels your entries and returns to the main configuration page.
Table 82: Configuring IDP Sensor Configuration Page
Field | Function | Action |
---|---|---|
Basic | ||
IPS | ||
Minimum Log Supercade | Specifies the minimum number of logs to trigger the signature hierarchy feature. | Enter an integer. |
LOG | ||
Cache Size | Specifies the size of the cache memory (MB) where IDP stores log records. | Enter an integer. |
Disable Suppression | Specifies if the log suppression has to be disabled. | Click the check box. |
Include Destination Address | Specifies to combine log records for events with a matching source address. | Select an option from the list. |
Max Logs Operate | Specifies the maximum number of logs on which log suppression can operate. IDP can operate on 16,384 log records by default. | Enter an integer. |
Max Time Report | Specifies the time (seconds) after which suppressed logs will be reported. IDP reports suppressed logs after 5 seconds by default. | Enter an integer. |
Start Log | Specifies the number of log occurrences after which log suppression begins. Log suppression begins with the first occurrence by default. | Enter an integer. |
Reassembler | ||
Ignore Memory Overflow | Specifies if the user has to allow per-flow memory to go out of limit. | Select an option from the list. |
ignore Reassembly Memory Overflow | Specifies if the user has to allow per-flow reassembly memory to go out of limit. | Select an option from the list. |
Max Flow Memory | Specifies maximum per-flow memory for TCP reassembly in kilobytes. | Enter an integer. |
Max Packet Memory | Specifies maximum packet memory for TCP reassembly in kilobytes. | Enter an integer. |
Advanced | Select Advanced and click Edit and update the following fields. | |
IDP Flow | ||
Allow ICMP Without Flow | Specifies if ICMP has to be allowed without flow. | Select an option from the list. |
Log Errors | Specifies if the flow errors have to be logged. | Select an option from the list. |
Flow FIFO Max Size | Specifies the maximum FIFO size. The default value is 1. | Enter a value. |
Hash Table Size | Specifies the hash table size. The default value is 1024. | Enter a value. |
Max Timers Poll Ticks | Specifies the maximum amount of time at which the timer ticks at a regular interval. | Enter a value. |
Reject Timeout | Specifies the amount of time in milliseconds within which a response must be received. | Enter a value. |
UDP Anticipated Timeout | Specifies the amount of time in milliseconds within which a UDP response must be received. | Enter a value. |
Global | ||
Enable All Qmodules | Specifies if all the qmodules of the global rulebase IDP security policy are enabled. | Select an option from the list. |
Enable Packet Pool | Specifies if the packet pool is enabled to be used when the current pool is exhausted. | Select an option from the list. |
Policy Lookup Cache | Specifies if the cache is enabled to accelerate IDP policy lookup. | Select an option from the list. |
GTP Decapsulation | Specifies if the number of packets that are GPRS tunneling protocol (GTP) packets are decapsulated. | Select an option from the list. |
Memory Limit Percent | Specifies to limit IDP memory usage at this percent of available memory. | Enter a value. |
IPS | ||
Detect Shellcode | Specifies if shellcode detection has to be applied. | Select an option from the list. |
Ignore Regular Expression | Specifies if the sensor has to bypass DFA and PCRE matching. | Select an option from the list. |
Process Ignore Server-to-Client | Specifies if the sensor has to bypass IPS processing for server-to-client flows. | Select an option from the list. |
Process Override | Specifies if the sensor has to execute protocol decoders even without an IDP policy. | Select an option from the list. |
Process Port | Specifies a port on which the sensor executes protocol decoders. | Enter an integer. |
IPS FIFO Max Size | Specifies the maximum allocated size of the IPS FIFO. | Enter an integer. |
Detector | ||
Protocol | Specifies the name of the protocol to enable or disable the detector. | Select the name of the protocol from the list. |
Tunable Name | Specifies the name of the tunable parameter to enable or disable the protocol detector for each of the services. | Select the name of the specific tunable parameter from the list. |
Tunable Value | Specifies the value of the tunable parameter to enable or disable the protocol detector for each of the services. | Enter the protocol value of the specific tunable parameter. |