Views:

You can configure the global settings for the Threat Suppression Engine (TSE). These options include the following:

  • Connection Table Timeout: The value for the global connection table timeout. This value is 30-1800 seconds. This value applies to all blocked streams in the connection table and determines the time that elapses before that connection is cleared from the connection table. Before that period of time elapses, any incoming packets for that stream are blocked at the box. After the connection is cleared, the incoming connection is allowed (if its action set has changed) or re-added to the blocked list. Separate settings are available for TCP and non-TCP traffic.
  • Trusted Streams: Specifies the global timeout interval for the trust table. This value determines the time interval that elapses before the trusted connection is cleared from the trust table.
  • Asymmetric Network: The dynamic sharing and bandwidth used to increase network traffic performance. If you configure the device through the TSE configuration for an asymmetric network, the SYN flood detection or DDoS filters will be disabled. The TSE will not see both sides of a TCP connection.
  • Quarantine: Specifies the global timeout for the quarantine table. For quarantined hosts in the quarantine table, this value determines the time interval that elapses before the host is cleared from the table. After the host is cleared (the timeout interval expires), quarantined addresses can be automatically released if that option is selected.
     
    If you unmanage and remanage a device, the quarantine settings are reset to the default values.
    • GZIP Decompression: When enabled, permits decompression of GZIP HTTP responses.
    • IDS Mode: This mode automatically configures the device to operate like an Intrusion Detection System (IDS).
      • Performance protection is disabled.
      • Adaptive Filtering mode is set to Manual.
      • Filters currently set to Block are not switched to Permit, and Block filters can still be set.
     
    You must reboot the device before the change takes effect.
    • HTTP Response Processing: Specifies inspection of encoded HTTP responses.
      • Accelerated inspection of responses: Hardware acceleration detects, and decodes encoded HTTP responses.
      • Inspection of responses: Enables strict detection and decoding of encoded HTTP responses.
      • Ignore responses: The device does not detect or decode encoded HTTP responses.
    • DNS Reputation: You can return the NXDOMAIN (domain name) response to DNS domain queries blocked by Reputation.
    • HTTP Mode: You can enable the HTTP Mode for the device. Allows all TCP ports to be treated as HTTP ports for inspection purposes. Enable this feature only on devices that primarily handle HTTP traffic so that optimum performance is maintained.

     

    Procedure:

    1. Log in to the SMS from a client.
    2. On the SMS toolbar, navigate to Devices > All Devices and expand the tab.
    3. Select a device from the display window and do one of the following:
      • Right-click and select Edit > Device Configuration.
      • On the top menu, select Edit > Details > Device Configuration.
      • Double-click the device and click on Device Configuration.
    4. On the Device Configuration Wizard screen, click the TSE Setting stab.
    5. The Device Configuration (TSE Settings)screen displays.
    6. Make desired changes.
    7. Click OK to update the device.


    Reference: SMS User Guide

Keywords: threat suppression engine, tse, tse settings, sms, configuring