Chapter 3 IPS Filtering

Traffic Threshold Configuration Parameters

The following table describes the Traffic Threshold filter configuration parameters.

Table 3–6: Traffic Threshold Filters Configuration Parameters

| Column | Definition |
| --- | --- |
| Filter Name | Name of the filter |
| Incoming Security Zone / Outgoing Security Zone | Select the security zones for the traffic source (incoming) and destination (outgoing). Only zones with a physical port are included in the selection list. Note: The security zone pair that you select must be configured on a Security Profile. Otherwise, traffic between the zones is not inspected by IPS and the Security Profile page displays the following message: "No security profile is assigned to the security zones. Traffic will NOT be inspected by the IPS." |
| Units per Second | Select the type of traffic units to track: Packets, Bytes, and Connections. Then, select the period of time for the historical data used to calculate changes in traffic rates: hour, day, 7 days, 30 days, 35 days. |
| Monitoring | Determines the action for the Traffic Threshold filter. Select one of the following: Monitor only — device generates a Traffic Threshold report without triggering traffic threshold (no alerts are generated). Monitor with thresholds — when the threshold is triggered, the device performs the action configured for the threshold. |

 

 

Thresholds:

The Thresholds parameters specify the high and low rates that trigger the filter. Thresholds are expressed as “% of normal” traffic. For example, a threshold of 120% would fire if traffic exceeded the “normal” amount by 20%. A threshold of 80% would fire if the level of traffic dropped by 20% from the “normal” amount of traffic. Also set the state of the filter (enabled/disabled) and the action to perform when the filter triggers.

| Column | Definition |
| --- | --- |
| Enabled | For each threshold setting, check to enable the threshold. To disable the threshold, clear the check box. |
| Action | For each threshold setting, select an action to perform when the filter triggers. The action only executes if the Traffic Threshold filter monitoring state is set to Monitor with thresholds. |
| Above Normal | Major % — Percentage of traffic highly over the threshold. Minor % — Percentage of traffic slightly over the threshold. |
| Below Normal | Major % — Percentage of traffic highly under the threshold. Minor % — Percentage of traffic slightly under the threshold. |
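The threshold behaviour described in this table, sketched as an added example (not code from the guide or the device). It assumes "normal" is the mean of the historical samples and that a rate exactly at a threshold fires it; the `Threshold` class, the `evaluate` function, the action labels and the sample rates are constructed for illustration.

```python
from dataclasses import dataclass
from statistics import mean

@dataclass
class Threshold:
    name: str       # which of the four Major/Minor settings this models
    percent: float  # trigger level, expressed as "% of normal"
    above: bool     # True = Above Normal row, False = Below Normal row
    enabled: bool   # the "Enabled" check box
    action: str     # constructed label standing in for the "Action" setting

# Constructed sample data: packets/second over the history window, and settings.
HISTORY = [1000, 1100, 900, 1000]
THRESHOLDS = [
    Threshold("above-major", 200, True, True, "block"),
    Threshold("above-minor", 120, True, True, "notify"),
    Threshold("below-minor", 80, False, True, "notify"),
    Threshold("below-major", 50, False, True, "block"),
]

def evaluate(current, history, thresholds, monitoring):
    """Return (percent_of_normal, fired_threshold_name, action)."""
    # Assumption: "normal" is the mean rate over the history window.
    normal = mean(history) if history else 0
    if normal == 0:
        return None, None, None          # no baseline, so no percentage exists
    pct = 100.0 * current / normal
    if monitoring != "Monitor with thresholds":
        return pct, None, None           # "Monitor only": report, never trigger
    fired = [t for t in thresholds
             if t.enabled and (pct >= t.percent if t.above else pct <= t.percent)]
    if not fired:
        return pct, None, None
    # When both Minor and Major are crossed, act on the one furthest from 100%.
    worst = max(fired, key=lambda t: abs(t.percent - 100))
    return pct, worst.name, worst.action

if __name__ == "__main__":
    for rate in (1000, 1300, 2500, 400):
        print(rate, evaluate(rate, HISTORY, THRESHOLDS, "Monitor with thresholds"))
```

Disabling a Major threshold leaves the Minor one as the only setting that can fire for the same spike, which is worth checking when tuning a filter that triggers too aggressively.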

 

 

42 X Family LSM User’s Guide V 2.5.1