Cisco FirePOWER Appliance 8130
FireSIGHT System User Guide
Chapter 24 Using Performance Settings in an Intrusion Policy
To configure packet latency thresholding:

Access: Admin/Intrusion Admin

Step 1  Select Policies > Intrusion > Intrusion Policy.
The Intrusion Policy page appears.

Step 2  Click the edit icon next to the policy you want to edit.
If you have unsaved changes in another policy, click OK to discard those changes and continue. See for information on saving unsaved changes in another policy.
The Policy Information page appears.

Step 3  Click Advanced Settings in the navigation panel on the left.
The Advanced Settings page appears.

Step 4  You have two choices, depending on whether Latency-Based Packet Handling under Performance Settings is enabled:
• If the configuration is enabled, click Edit.
• If the configuration is disabled, click Enabled, then click Edit.
The Latency-Based Packet Handling page appears.
A message at the bottom of the page identifies the intrusion policy layer that contains the configuration. See for more information.

Step 5  See the table for recommended minimum Threshold settings.

Step 6  Optionally, click Configure Rules for Latency-Based Packet Handling at the top of the page to display rules associated with individual options.
Click Back to return to the Latency-Based Packet Handling page.

Step 7  Save your policy, continue editing, discard your changes, revert to the default configuration settings in the base policy, or exit while leaving your changes in the system cache. See the table for more information.

Understanding Rule Latency Thresholding
License: Protection

You can balance security with the need to maintain latency at an acceptable level by enabling rule latency thresholding. Rule latency thresholding measures the elapsed time each rule takes to process an individual packet, suspends the violating rule along with a group of related rules for a specified time if the processing time exceeds the rule latency threshold a configurable consecutive number of times, and restores the rules when the suspension expires.

Rule latency thresholding measures elapsed time, not just processing time, in order to more accurately reflect the actual time required for the rule to process a packet. However, latency thresholding is a software-based latency implementation that does not enforce strict timing.
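
The suspend-and-restore behaviour described above can be modelled as a small state machine. This is an added example, not Cisco's code: the class and field names, the microsecond unit, the sample values, suspension on the Nth consecutive violation, and resetting the count on a compliant packet are all assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class RuleGroupLatencyTracker:
    """Toy model of rule latency thresholding for one group of related rules."""
    threshold_us: int        # rule latency threshold (microseconds is an assumed unit)
    violations_allowed: int  # consecutive violations that trigger suspension
    suspend_s: float         # suspension time for the whole group, in seconds
    strikes: dict = field(default_factory=dict)  # rule id -> consecutive violations
    suspended_until: float = 0.0

    def record(self, rule_id, elapsed_us, now):
        """Feed one per-packet elapsed-time measurement and return the outcome."""
        if now < self.suspended_until:
            return "skipped"            # group suspended: rule is not applied
        if elapsed_us <= self.threshold_us:
            self.strikes[rule_id] = 0   # assumption: a compliant packet ends the run
            return "ok"
        self.strikes[rule_id] = self.strikes.get(rule_id, 0) + 1
        if self.strikes[rule_id] >= self.violations_allowed:
            # Suspend the violating rule together with its related rules.
            self.suspended_until = now + self.suspend_s
            self.strikes.clear()
            return "suspended"
        return "violation"

# Constructed samples: (time in seconds, rule id, elapsed microseconds).
SAMPLES = [
    (0.0, "rule-A", 900), (0.1, "rule-A", 1500), (0.2, "rule-A", 800),
    (0.3, "rule-A", 1600), (0.4, "rule-A", 1700), (0.5, "rule-A", 1800),
    (5.0, "rule-B", 100), (10.6, "rule-B", 100),
]

def replay(samples, tracker):
    """Run the samples through the tracker and collect each outcome."""
    return [tracker.record(rule, us, t) for t, rule, us in samples]

if __name__ == "__main__":
    tracker = RuleGroupLatencyTracker(threshold_us=1000, violations_allowed=3, suspend_s=10.0)
    for sample, outcome in zip(SAMPLES, replay(SAMPLES, tracker)):
        print(sample, outcome)
```

In the constructed samples, rule-B never exceeds the threshold, yet its packet at 5.0 s is skipped because it shares a group with rule-A. That window is the inspection coverage given up in exchange for latency.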