Cisco FirePOWER Appliance 7020
FireSIGHT System User Guide
Chapter 6 Managing Devices
Editing Device Configuration
Understanding Advanced Device Settings
License: Any
Supported Devices: feature dependent
The Advanced section of the Device tab displays a table of advanced configuration settings, as described in the following table.
You can use the Advanced section to edit any of these settings. See the following sections for more information:
Automatic Application Bypass
License: Any
The Automatic Application Bypass (AAB) feature limits the time allowed to process packets through an interface and allows packets to bypass detection if the time is exceeded. The feature functions with any deployment; however, it is most valuable in inline deployments.
You balance packet processing delays with your network’s tolerance for packet latency. When a malfunction within Snort or a device misconfiguration causes traffic processing time to exceed a specified threshold, AAB causes Snort to restart within ten minutes of the failure, and generates troubleshoot data that can be analyzed to investigate the cause of the excessive processing time.
In Version 5.3.1 and higher, the default behavior for the AAB option varies by device, as follows:
• Series 3: off
• Series 2 and virtual: on
• ASA FirePOWER: off
• X-Series: not supported
If you upgrade from a version lower than 5.3, the existing setting is retained. You can change the bypass threshold if the option is selected. The default setting is 3000 milliseconds (ms). The valid range is from 250 ms to 60,000 ms.
Table 6-4 Advanced Section Table Fields

Field | Description | Supported Devices
--- | --- | ---
Application Bypass | The state of Automatic Application Bypass on the device. | Series 2, Series 3, Virtual, ASA FirePOWER
Bypass Threshold | The Automatic Application Bypass threshold, in milliseconds. | Series 2, Series 3, Virtual
Inspect Local Router Traffic | Whether the device inspects traffic received on routed interfaces that is destined for itself, such as ICMP, DHCP, and OSPF traffic. | Series 3
Fast-Path Rules | The number of fast-path rules that have been created on the device. | 8000 Series, 3D9900