Cisco Cisco Firepower Management Center 4000

Protection

The following table describes the options you can set to configure packet latency thresholding.

You can enable rule 134:3 to generate an event when the system stops inspecting a packet because the 
packet latency threshold is exceeded. See 

 and 

 for more information.

Many factors affect measurements of system performance and packet latency, such as CPU speed, data 
rate, packet size, and protocol type. For this reason, Cisco recommends that if you enable packet latency 
thresholding, you use the threshold settings in the following table until your own calculations provide 
you with settings tailored to your particular network environment.

Determine the following when calculating your settings:

average packets per second

average microseconds per packet

Multiply the average microseconds per packet for your network by a significant safety factor to ensure 
that you do not unnecessarily discontinue packet inspections.

For example, the 

 table recommends a minimum packet 

latency threshold of 100 microseconds in a one gigabit environment. This minimum recommendation is 
based on test data showing an average of 250,000 packets per second, which is 0.25 packets per 
microsecond or, said differently, 4 microseconds per packet. Multiplying by a factor of twenty-five 
results in a recommended minimum threshold of 100 microseconds.

Protection

You can enable or disable packet latency thresholding and modify the latency threshold.

Threshold

Specifies the time in microseconds when inspection of a packet ceases. See 
the 

 table for recommended 

minimum threshold settings.

1 Gbps

100 

100 Mbps

250

5 Mbps

1000