Use the Tuning Parameters page for the Network IPS appliance to view the default parameters for the appliance.
Navigating in the Network IPS Local Management Interface:
Navigating in the SiteProtector™ system: select the Tuning Parameters policy
Parameter | Type | Default Value | Description |
---|---|---|---|
sensor.trace.level | Number | 3 | Specifies the appliance log level. |
engine.droplog.enabled | Boolean | False | Determines whether logging of dropped packets is enabled. |
engine.adapter.low-water.default | Number | 1 | Specifies the minimum number of packets per traffic sampling interval that are expected to flow on each adapter. |
engine.adapter.high-water.default | Number | 5 | Specifies the number of packets per traffic
sampling interval that are expected to flow on each adapter. Note: The
high-water mark is used to prevent multiple low traffic warnings from
being issued when the traffic is hovering around the low-water mark.
|
pam.traffic.sample | Boolean | True | Enables traffic sampling for detecting abnormal
levels of network activity. Note: This parameter affects the Network_Quiet and Network_Normal audit
events.
|
pam.traffic.sample.interval | Number | 300 | Specifies the interval, expressed in seconds, at which traffic flow is sampled to detect abnormal levels of network activity. |
np.statistics | State | On | Determines whether logging of PAM statistics is enabled. |
np.log.quarantine.added | State | On | Logs the details of rules that are added to the quarantine table. |
np.log.quarantine.removed | State | On | Logs the details of rules that are removed from the quarantine table before they expired. |
np.log.quarantine.expired | State | On | Logs the details of rules that are expired from the quarantine table. |
np.firewall.log | State | On | Determines whether to log the details of packets that match firewall rules that are enabled. |
np.firewall.log.size | Number | 100 | Specifies the maximum size of the firewall log
file in megabytes. Note: This option accepts integers only. It does
not accept decimals.
|
np.firewall.log.count | Number | 10 | Specifies the maximum number of firewall log files. |
np.drop.invalid.checksum | Boolean | True | Determines whether to block packets with checksum errors in inline protection mode. |
np.drop.invalid.protocol | Boolean | True | Determines whether to block packets that violate protocol in inline protection mode. |
np.drop.rogue.tcp.packets | Boolean | False | Determines whether to block packets that are not part of a known TCP connection in inline protection mode. |
np.drop.resource.error | Boolean | False | Determines whether to block packets if there
are insufficient resources to inspect them in inline protection mode. For Firmware version 4.6.2 installations: This
tuning parameter is disabled (check box is blank) after a clean installation
of the firmware.
The
Firmware version 4.6.2 installation affects the behavior for the parameter
as follows:
|