Chapter 5 Events: Logs, Traffic Streams, Reports

Managed Streams

The Managed Streams menu pages provide options to review and manage traffic streams that have been blocked, rate-limited, or quarantined by IPS policies. These events are captured by the Threat Suppression Engine (TSE), which uses a blend of ASICs and network processors to detect threats and anomalies in network traffic.

The traffic streams include the following:

Blocked streams — Traffic streams detected and blocked based on filters configured with a Block action set.

Rate-Limited streams — Traffic streams detected and rate-limited based on filters configured with a Rate-Limit action set.

Quarantined streams — Traffic streams detected and blocked based on filters configured with a Quarantine action set, or quarantined manually.

For details, see the following topics:

“Blocked Streams” on page 110

“Rate Limited Streams” on page 112

“Quarantined Addresses” on page 113

“Action Sets” on page 44

Blocked Streams

When traffic triggers an IPS filter that has been configured with a Block or Block+Notify action, traffic from the source IP address and port is blocked and an entry is added to the Blocked Streams page, based on the contact configuration in the action set. From the Blocked Streams page, you can:

View and search for information on blocked streams

Manually terminate all or selected blocked stream connections

Figure 5–1: Blocked Streams Page

110 X Family LSM User’s Guide V 2.5.1