| Flow Management Filters | |
| 7620: TCP Flow Management (5MB) 7621: TCP Flow Management (10MB) 7622: TCP Flow Management (100MB) 7623: TCP Flow Management (500MB) | 7624: UDP Flow Management (5MB) 7625: UDP Flow Management (10MB) 7626: UDP Flow Management (100MB) 7627: UDP Flow Management (500MB) |
| Note: Only one TCP and/or UDP filter should be enabled. | |
Trust as an Action Set: Actions are configured under shared settings; you can create a TRUST or TRUST+NOTIFY action set, which can then be assigned to any DV filter. If traffic matches a filter with an action set of TRUST, a trusted stream is created, and that flow will pass through the IPS uninspected until the trusted stream times out (default 30 minutes). Trusted streams are also shared with the partner IPS in a TRHA configuration.
Implementation and Management
Best practice calls for the Traffic Management Filter to be set to a TRUST action. However, during the initial configuration and observation period, the filter should be set to an action of TRUST+NOTIFY. After the system has been verified to be working properly, the filter should be set to TRUST.