Default tuning parameters

Use the Tuning Parameters page for the Network IPS appliance to view the default parameters for the appliance.

Navigating in the Network IPS Local Management Interface: Secure Protection Settings > Advanced IPS > Tuning Parameters

Navigating in the SiteProtector™ system: select the Tuning Parameters policy

Important: Do not delete any default tuning parameters without prior consent from IBM® Support.
Table 1. Default tuning parameters
Parameter Type Default Value Description
sensor.trace.level Number 3 Specifies the appliance log level.
engine.droplog.enabled Boolean False Determines whether logging of dropped packets is enabled.
engine.adapter.low-water.default Number 1 Specifies the minimum number of packets per traffic sampling interval that are expected to flow on each adapter.
engine.adapter.high-water.default Number 5 Specifies the number of packets per traffic sampling interval that are expected to flow on each adapter.
Note: The high-water mark is used to prevent multiple low traffic warnings from being issued when the traffic is hovering around the low-water mark.
pam.traffic.sample Boolean True Enables traffic sampling for detecting abnormal levels of network activity.
Note: This parameter affects the Network_Quiet and Network_Normal audit events.
pam.traffic.sample.interval Number 300 Specifies the interval, expressed in seconds, at which traffic flow is sampled to detect abnormal levels of network activity.
np.statistics State On Determines whether logging of PAM statistics is enabled.
np.log.quarantine.added State On Logs the details of rules that are added to the quarantine table.
np.log.quarantine.removed State On Logs the details of rules that are removed from the quarantine table before they expired.
np.log.quarantine.expired State On Logs the details of rules that are expired from the quarantine table.
np.firewall.log State On Determines whether to log the details of packets that match firewall rules that are enabled.
np.firewall.log.size Number 100 Specifies the maximum size of the firewall log file in megabytes.
Note: This option accepts integers only. It does not accept decimals.
np.firewall.log.count Number 10 Specifies the maximum number of firewall log files.
np.drop.invalid.checksum Boolean True Determines whether to block packets with checksum errors in inline protection mode.
np.drop.invalid.protocol Boolean True Determines whether to block packets that violate protocol in inline protection mode.
np.drop.rogue.tcp.packets Boolean False Determines whether to block packets that are not part of a known TCP connection in inline protection mode.
np.drop.resource.error Boolean False Determines whether to block packets if there are insufficient resources to inspect them in inline protection mode.
For Firmware version 4.6.2 installations: This tuning parameter is disabled (check box is blank) after a clean installation of the firmware.
The Firmware version 4.6.2 installation affects the behavior for the parameter as follows:
  • If the parameter is disabled, and the Unanalyzed Policy is configured to Drop, unanalyzed packets are dropped.
  • If the parameter is disabled, and the Unanalyzed Policy is configured to Forward, unanalyzed packets are forwarded.
  • If the parameter is enabled with a value set to True and the Unanalyzed Policy is configured to Drop, unanalyzed packets are dropped.
  • If the parameter is enabled with a value set to True and the Unanalyzed Policy is configured to Forward, unanalyzed packets are dropped.
  • If the parameter is enabled with a value set to False and the Unanalyzed Policy is configured to Drop, unanalyzed packets are forwarded.
  • If the parameter is enabled with a value set to False and the Unanalyzed Policy is configured to Forward, unanalyzed packets are forwarded.