Sensor Configuration Page Options

  1. Select Configure>Security>IDP>Sensor in the J-Web user interface.

    The Sensor configuration page appears. explains the contents of this page.

  2. Click one:
    • Add—Adds the detector configuration. Enter information as specified in Table 88.
    • Edit—Updates the existing the detector configuration.
    • Delete— Deletes the existing the detector configuration
  3. Click one:
    • OK—Saves the configuration and returns to the main configuration page.
    • Commit Options>Commit—Commits the configuration and returns to the main configuration page.
    • Cancel—Cancels your entries and returns to the main configuration page.

Table 88: Configuring IDP Sensor Configuration Page

Field

Function

Action

Basic
IPS  

Minimum Log Supercade

Specifies the minimum number of logs to trigger the signature hierarchy feature.

Enter an integer.

LOG  

Cache Size

Specifies the size of the cache memory (MB) where IDP stores log records.

Enter an integer.

Disable Suppression

Specifies if the log suppression has to be disabled.

Click the check box.

Include Destination Address

Specifies to combine log records for events with a matching source address.

Select an option from the list.

Max Logs Operate

Specifies the maximum number of logs on which log suppression can operate. IDP can operate on 16,384 log records by default.

Enter an integer.

Max Time Report

Specifies the time (seconds) after which suppressed logs will be reported. IDP reports suppressed logs after 5 seconds by default.

Enter an integer.

Start Log

Specifies the number of log occurrences after which log suppression begins. Log suppression begins with the first occurrence by default.

Enter an integer.

Reassembler  

Ignore Memory Overflow

Specifies if the user has to allow per-flow memory to go out of limit.

Select an option from the list.

ignore Reassembly Memory Overflow

Specifies if the user has to allow per-flow reassembly memory to go out of limit.

Select an option from the list.

Max Flow Memory

Specifies maximum per-flow memory for TCP reassembly in kilobytes.

Enter an integer.

Max Packet Memory

Specifies maximum packet memory for TCP reassembly in kilobytes.

Enter an integer.

Advanced 

Select Advanced and click Edit and update the following fields.

IDP Flow  

Allow ICMP Without Flow

Specifies if ICMP has to be allowed without flow.

Select an option from the list.

Log Errors

Specifies if the flow errors have to be logged.

Select an option from the list.

Flow FIFO Max Size

Specifies the maximum FIFO size. The default value is 1.

Enter a value.

Hash Table Size

Specifies the hash table size. The default value is 1024.

Enter a value.

Max Timers Poll Ticks

Specifies the maximum amount of time at which the timer ticks at a regular interval.

Enter a value.

Reject Timeout

Specifies the amount of time in milliseconds within which a response must be received.

Enter a value.

UDP Anticipated Timeout

Specifies the amount of time in milliseconds within which a UDP response must be received.

Enter a value.

Global  

Enable All Qmodules

Specifies if all the qmodules of the global rulebase IDP security policy are enabled.

Select an option from the list.

Enable Packet Pool

Specifies if the packet pool is enabled to be used when the current pool is exhausted.

Select an option from the list.

Policy Lookup Cache

Specifies if the cache is enabled to accelerate IDP policy lookup.

Select an option from the list.

GTP Decapsulation

Specifies if the number of packets that are GPRS tunneling protocol (GTP) packets are decapsulated.

Select an option from the list.

Memory Limit Percent

Specifies to limit IDP memory usage at this percent of available memory.

Enter a value.

IPS  

Detect Shellcode

Specifies if shellcode detection has to be applied.

Select an option from the list.

Ignore Regular Expression

Specifies if the sensor has to bypass DFA and PCRE matching.

Select an option from the list.

Process Ignore Server-to-Client

Specifies if the sensor has to bypass IPS processing for server-to-client flows.

Select an option from the list.

Process Override

Specifies if the sensor has to execute protocol decoders even without an IDP policy.

Select an option from the list.

Process Port

Specifies a port on which the sensor executes protocol decoders.

Enter an integer.

IPS FIFO Max Size

Specifies the maximum allocated size of the IPS FIFO.

Enter an integer.

Detector

Protocol

Specifies the name of the protocol to enable or disable the detector.

Select the name of the protocol from the list.

Tunable Name

Specifies the name of the tunable parameter to enable or disable the protocol detector for each of the services.

Select the name of the specific tunable parameter from the list.

Tunable Value

Specifies the value of the tunable parameter to enable or disable the protocol detector for each of the services.

Enter the protocol value of the specific tunable parameter.

Related Documentation