Cisco Firepower 4120 Security Appliance
Table 100: Out of State Protection Profile Parameters
Parameter
Description
Profile Name
The name of the profile.
Activation Threshold
The rate, in PPS, of out-of-state packets above which the profile considers the
packets to be part of a flood attack. When DefensePro detects an attack, it
issues an appropriate alert and drops the out-of-state packets that exceed the
threshold. Packets that do not exceed the threshold bypass the DefensePro
device.
Values: 1–250,000
Default: 5000
Termination Threshold
The rate, in PPS, of out-of-state packets below which the profile considers the
flood attack to have stopped, and DefensePro resumes normal operation.
Values: 0–249,999
Default: 4000
Profile Risk
The risk—for reporting purposes—assigned to the attack that the profile
detects.
Values: Info, Low, Medium, High
Default: Low
Allow SYN-ACK
Values:
• Enabled—The DefensePro device opens a session and processes a
  SYN-ACK packet even when the DefensePro has identified no SYN
  packet for the session. This option supports asymmetric environments,
  when the first packet that DefensePro receives is the SYN-ACK.
• Disabled—When the DefensePro device receives a SYN-ACK packet and
  has identified no SYN packet for the session, DefensePro passes through
  the SYN-ACK packet (unprocessed) if the packet is below the specified
  activation threshold, and DefensePro drops the packet if it is above the
  specified activation threshold.
Default: Enabled
Enable Packet Reporting
Specifies whether the profile reports out-of-state packets.
Default: Disabled
Caution: When this feature is enabled here, for the feature to take effect, the
global setting must be enabled (Configuration perspective, Setup >
Reporting Settings > Advanced Reporting Settings > Packet
Reporting and Packet Trace > Enable Packet Reporting). In addition, a
change to this parameter takes effect only after you update policies.
Profile Action
The action that the profile takes when it encounters out-of-state packets.
Values: Block and Report, Report Only
Default: Block and Report
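
The Activation and Termination Thresholds in the table form a hysteresis band: once an attack is declared it stays declared until the rate falls below the lower threshold. The following Python model is an added illustration, not DefensePro code. It assumes one rate sample per second and that the Termination Threshold is lower than the Activation Threshold; the class and function names are hypothetical.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class OutOfStateProfile:
    activation_pps: int = 5000           # Activation Threshold default from the table
    termination_pps: int = 4000          # Termination Threshold default from the table
    action: str = "Block and Report"     # Profile Action default from the table

    def __post_init__(self):
        if not 1 <= self.activation_pps <= 250_000:
            raise ValueError("Activation Threshold must be 1-250,000 PPS")
        if not 0 <= self.termination_pps <= 249_999:
            raise ValueError("Termination Threshold must be 0-249,999 PPS")
        if self.action not in ("Block and Report", "Report Only"):
            raise ValueError("Profile Action must be Block and Report or Report Only")
        # Assumption of this model (suggested by the value ranges, not stated on the page).
        if self.termination_pps >= self.activation_pps:
            raise ValueError("Termination Threshold should be below Activation Threshold")


def simulate(profile, rates):
    """Return (pps, under_attack, dropped) for each per-second rate sample."""
    under_attack = False
    timeline = []
    for pps in rates:
        if not under_attack and pps > profile.activation_pps:
            under_attack = True          # rate rose above the Activation Threshold
        elif under_attack and pps < profile.termination_pps:
            under_attack = False         # rate fell below the Termination Threshold
        dropped = 0
        if under_attack and profile.action == "Block and Report":
            # Only the packets that exceed the activation threshold are dropped.
            dropped = max(0, pps - profile.activation_pps)
        timeline.append((pps, under_attack, dropped))
    return timeline


# Constructed sample: out-of-state packets per second over seven seconds.
SAMPLE_RATES = [1200, 5200, 9000, 4500, 4100, 3900, 4800]

if __name__ == "__main__":
    for pps, attack, dropped in simulate(OutOfStateProfile(), SAMPLE_RATES):
        state = "ATTACK" if attack else "normal"
        print(f"{pps:>6} pps  {state:<6}  dropped={dropped}")
```

In the sample, the 4500 and 4100 PPS seconds are still reported as an attack although nothing is dropped, and the final 4800 PPS second is not an attack because the rate never crossed 5000 again.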
© 2016 Cisco | Radware. All rights reserved. This document is Cisco Public.