Cisco Cisco Firepower Management Center 4000

Many factors affect measurements of system performance, such as CPU speed, data rate, packet size, and 
protocol type. For this reason, Cisco recommends that, if you enable rule latency thresholding, you use 
the threshold settings in the following table until your own calculations provide you with settings 
tailored to your particular network environment.

Determine the following when calculating your settings:

average packets per second

average microseconds per packet

Multiply the average microseconds per packet for your network by a significant safety factor to ensure 
that you do not unnecessarily suspend rules.

Protection

You can enable or disable rule latency thresholding, and modify the rule latency threshold, the 
suspension time for suspended rules, and the number of consecutive threshold violations that must occur 
before suspending rules.

Admin/Intrusion Admin

Select 

The Intrusion Policy page appears.

Click the edit icon (

) next to the policy you want to edit.

If you have unsaved changes in another policy, click 

 to discard those changes and continue. See 

 for information on saving unsaved changes in another 

policy.

The Policy Information page appears.

Click 

 in the navigation panel on the left.

The Advanced Settings page appears.

Consecutive Threshold Violations 
Before Suspending Rule

Specifies the consecutive number of times rules can take longer than the time set for 

 to inspect packets before rules are suspended.

Suspension Time

Specifies the number of seconds to suspend a group of rules.

1 Gbps

500

100 Mbps

1250

5 Mbps

5000