Cisco Cisco Firepower 4120 Security Appliance
Table 45: BDoS Protection (Global): Advanced Parameters (cont.)
Parameter
Description
Learning Suppression
Threshold
The percentage of the specified bandwidth, below which, DefensePro
suppresses BDoS-baseline learning.
The Learning Suppression Threshold feature helps preserve a good BDoS-
The Learning Suppression Threshold feature helps preserve a good BDoS-
baseline value in scenarios where, at times, DefensePro handles very little
traffic.
There are two typical scenarios where, at times, DefensePro handles very little
There are two typical scenarios where, at times, DefensePro handles very little
traffic:
•
Out-of-path deployments—In an out-of-path deployment, when traffic is
diverted through DefensePro for mitigation. During an attack, the traffic is
diverted and routed through DefensePro. During peacetime, no traffic
passes through DefensePro (except for maintenance messages). When
no traffic is diverted to DefensePro, the BDoS learning must be
suppressed to prevent extremely low values affecting the baseline and
ultimately increasing the susceptibility to false positives.
•
Environments where traffic rates change dramatically throughout the day.
The specified bandwidth refers to the Outbound Traffic and Inbound Traffic
parameters under the Network Protection tab, BDoS Profiles
> Outbound Traffic
> Outbound Traffic
|Inbound Traffic.
The Learning Suppression Threshold applies to all BDoS profiles and
controllers, but DefensePro calculates the threshold per Network Protection
policy and specified Direction (Network Protection tab, Network Protection
Policy > Direction
Policy > Direction
). For One Way policies, the Learning Suppression Threshold
considers the inbound bandwidth.
DefensePro treats Two Way policies as two policies, so the Learning
Suppression Threshold calculates the bandwidth for each policy
(inbound/outbound).
Values:
Values:
•
0—Specifies that BDoS profiles use no Learning Suppression
Threshold.
•
1–50
Default: 0
Reset BDoS Baseline
Click to reset the BDoS baseline. Then, select whether to reset the baseline
for all Network Protection policies that contain a BDoS profile, or for a
specific Network Protection policy that contains a BDoS profile; and then,
click Submit.
Resetting baseline-learned statistics clears the baseline traffic statistics and
Resetting baseline-learned statistics clears the baseline traffic statistics and
resets default normal baselines. Reset the baseline statistics only when the
characteristics of the protected network have changed entirely and bandwidth
quotas need to be changed to accommodate the network changes.
© 2016 Cisco | Radware. All rights reserved. This document is Cisco Public.
Page 94 of 281