About the Sensor Page
You are here: Security Services > IPS > Sensor.
You can configure sensor settings to limit the number of sessions running application identification and also to limit memory usage for application identification.
Field Descriptions
Table 1 describes the fields on the Sensor page.
| Field | Description |
|---|---|
| Packet Capture | |
| Local Storage | Enable this option to store the PCAP file locally (/var/log/pcap/idp/) on the SRX Series Firewall. |
| Maximum files | Enter or select the maximum number of unique packet capture files to create before the oldest file is overwritten by a newly created file. Range: 1 through 5000. |
| Storage limit | Enter or select the maximum disk space (megabytes) that can be used in the Routing Engine for packet capture files. Range: 1 MB through 4096 MB. |
| External Server | Enable this option to send the PCAP file to an external server. |
| IP Address | Enter the IPv4 address of the external server that captures the packet. |
| Port | Enter or select the port number of the server to which SRX Series Firewalls send the packet capture object. Port number: 0 through 65535. Default port is 2050. |
| Source Address | Enter the source IPv4 address for the carrier TCP or UDP packet. |
| Intelligent IDP ByPass | |
| IDP By Pass | Enable or disable the IDP Intelligent Bypass option. |
| IDP By Pass CPU Threshold | Enter the threshold value. Range: 0 through 99. Default value: 85. |
| IDP By Pass CPU Tolerance | Enter the CPU tolerance value. Range: 1 through 99. Default value: 5. |
| Intelligent Inspection | Enable or disable this option. If you enable this option, enter the following details: |
| Memory Lower Threshold | Enter the memory lower threshold limit percentage. Range: 1 through 100. |
| Memory Upper Threshold | Enter the memory upper threshold limit percentage. Range: 1 through 100. |
| Advanced Settings | |
| IDP Protection Mode | |
| Protection Mode | Select an option to specify the inspection parameters for efficient inspection of traffic in the device. The options available are: |
| Exception Handling | |
| Drop On Limit | Enable this option to drop connections when resource limits are exceeded. |
| Drop On Failover | Enable this option to drop traffic on HA failover sessions. |
| Drop If No Policy Loaded | Enable this option to drop all traffic until the IDP policy is loaded. |
| IDP Flow | |
| Log Errors | Select an option from the list to specify whether flow errors are logged. |
| Flow FIFO Max Size | Enter a value to specify the maximum FIFO size. Range: 1 through 65535. Default value is 1. |
| Hash Table Size | Enter a value to specify the hash table size. Range: 1024 through 1,000,000. Default value is 1024. |
| Max Timers Poll Ticks | Enter a value to specify the maximum amount of time at which the timer ticks at a regular interval. Range: 0 through 1000 ticks. Default value is 1000 ticks. |
| Reject Timeout | Enter a value to specify the amount of time in milliseconds within which a response must be received. Range: 1 through 65,535 seconds. Default value is 300 seconds. |
| Global | |
| Enable All Qmodules | Select an option from the list to specify whether all the qmodules of the global rulebase IDP security policy are enabled. |
| Enable Packet Pool | Select an option from the list to specify whether the packet pool is enabled for use when the current pool is exhausted. |
| Policy Lookup Cache | Select an option from the list to specify whether the cache is enabled to accelerate IDP policy lookup. |
| Memory Limit Percent | Enter a value to limit IDP memory usage to this percentage of available memory. Range: 10 through 90 percent. |
| HTTP X-Forwarded | When you enable this option, during traffic flow, IDP saves the source IP addresses (IPv4 or IPv6) from the contexts of HTTP traffic and displays them in the attack logs. |
| IPS | |
| Detect Shellcode | Select an option from the list to specify whether shellcode detection is applied. |
| Ignore Regular Expression | Select an option from the list to specify whether the sensor bypasses DFA and PCRE matching. |
| Process Ignore Server-to-Client | Select an option from the list to specify whether the sensor bypasses IPS processing for server-to-client flows. |
| Process Override | Select an option from the list to specify whether the sensor executes protocol decoders even without an IDP policy. |
| Process Port | Enter an integer to specify a port on which the sensor executes protocol decoders. Range: 0 through 65535. |
| IPS FIFO Max Size | Enter an integer to specify the maximum allocated size of the IPS FIFO. Range: 1 through 65535. |
| Minimum Log Supercade | Enter an integer to specify the minimum number of logs to trigger the signature hierarchy feature. Range: 0 through 65535. |
| Log | |
| Cache Size | Enter a value to specify the size in bytes for each user’s log cache. |
| Disable Suppression | Enable this option to disable log suppression. |
| Include Destination Address | Select an option from the list to specify whether to combine log records for events with a matching source address. |
| Max Logs Operate | Enter a value to specify the maximum number of logs on which log suppression can operate. Range: 255 through 65536. |
| Max Time Report | Enter a value to specify the time (seconds) after which suppressed logs will be reported. IDP reports suppressed logs after 5 seconds by default. |
| Start Log | Enter a value to specify the number of log occurrences after which log suppression begins. Log suppression begins with the first occurrence by default. Range: 1 through 128. |
| Reassembler | |
| Ignore Memory Overflow | Select an option from the list to specify whether per-flow memory is allowed to exceed its limit. |
| Ignore Reassembly Memory Overflow | Select an option from the list to specify whether per-flow reassembly memory is allowed to exceed its limit. |
| Ignore Reassembly Overflow | Enable this option to have the TCP reassembler ignore the global reassembly overflow to prevent the dropping of application traffic. |
| Max Flow Memory | Enter an integer to specify the maximum per-flow memory for TCP reassembly in kilobytes. Range: 64 through 4,294,967,295 kilobytes. |
| Max Packet Memory | Enter an integer to specify the maximum packet memory for TCP reassembly in kilobytes. Range: 64 through 4,294,967,295 kilobytes. |
| Max Synacks Queued | Enter an integer to specify the maximum limit for queuing Syn/Ack packets with different SEQ numbers. Range: 0 through 5. |
| Packet Log | |
| Max Sessions | Enter an integer to specify the maximum number of sessions actively conducting pre-attack packet captures on a device at one time. Range: 1 through 100 percent. |
| Total Memory | Enter an integer to specify the maximum amount of memory to be allocated to packet capture for the device. Range: 1 through 100 percent. |
| Detectors | Click +. The Detector window opens. Enter the following field details. |
| Protocol | Select the name of the protocol from the list to enable or disable the detector. |
| Tunable Name | Select the name of the specific tunable parameter from the list to enable or disable the protocol detector for each of the services. |
| Tunable Value | Enter the protocol value of the specific tunable parameter to enable or disable the protocol detector for each of the services. Range: 0 to 4294967295. |
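
As an added example (not part of the J-Web documentation and not Juniper code), the following Python audit checks proposed Sensor settings against a subset of the ranges in Table 1 and flags toggles that bypass or relax inspection. The dictionary layout, the True/False toggle values and the function name `audit` are assumptions of this example.

```python
# Added example: audit proposed Sensor-page settings before they are applied.
# Keys are Table 1 field names; the dict layout and bool toggles are assumptions.

RANGES = {  # numeric ranges as stated in Table 1
    "Maximum files": (1, 5000),
    "Storage limit": (1, 4096),
    "Port": (0, 65535),
    "IDP By Pass CPU Threshold": (0, 99),
    "Memory Limit Percent": (10, 90),
    "Max Logs Operate": (255, 65536),
    "Start Log": (1, 128),
    "Max Synacks Queued": (0, 5),
}
REVIEW_IF_ON = {  # toggles that bypass or relax processing when enabled
    "IDP By Pass": "IDP Intelligent Bypass is enabled",
    "Ignore Regular Expression": "sensor bypasses DFA and PCRE matching",
    "Process Ignore Server-to-Client": "no IPS processing for server-to-client flows",
    "Ignore Reassembly Overflow": "global reassembly overflow is ignored",
}
REVIEW_IF_OFF = {  # toggles whose disabled state removes a check or a drop action
    "Detect Shellcode": "shellcode detection is not applied",
    "Drop If No Policy Loaded": "traffic is not dropped before the IDP policy loads",
}

def audit(settings):
    """Return (errors, warnings) for a dict of field name -> value."""
    errors, warnings = [], []
    for field, value in settings.items():
        if field in RANGES:
            lo, hi = RANGES[field]
            ok = isinstance(value, int) and not isinstance(value, bool) and lo <= value <= hi
            if not ok:
                errors.append(f"{field}: {value!r} is outside {lo} through {hi}")
        elif value is True and field in REVIEW_IF_ON:
            warnings.append(f"{field}: {REVIEW_IF_ON[field]}")
        elif value is False and field in REVIEW_IF_OFF:
            warnings.append(f"{field}: {REVIEW_IF_OFF[field]}")
    return errors, warnings

SAMPLE = {  # constructed input for illustration
    "Port": 2050, "Storage limit": 8192, "Start Log": 0,
    "IDP By Pass": True, "IDP By Pass CPU Threshold": 85,
    "Ignore Regular Expression": True, "Detect Shellcode": True,
    "Drop If No Policy Loaded": False,
}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Range errors block the change; warnings are settings a reviewer should confirm are intentional, because each one reduces what the sensor inspects or drops.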