What are SMS Deployment Modes?

Product / Version includes:

Last updated: 2024/12/03

Solution ID: KA-0017336

Category: Configure , Deploy

Summary

The TippingPoint Digital Vaccines (DV) contains deployment settings for filters that address specific types of deployments (such as perimeter, core, etc.). When you create a new profile, you can use the Default deployment mode or choose from a list of available deployment modes, and the device will use the recommended filter configuration for that deployment. Depending on your network, tuning the selected deployment mode might be necessary by overriding specific filters or categories. Digital Vaccine contain deployment settings for filters that address specific types of deployments.

Deployment Mode	Comments
Default	It balances high-quality security and appliance performance and is suitable for most deployments.
Security -Optimized	It favors additional security over network performance or application adherence to protocol standards and is a subset of the Hyper-Aggressive deployment mode. Enables more Zero Day Initiative (ZDI) protection than other deployment modes.
Performance -Optimized	This deployment mode emphasizes network performance over security and is not recommended for use in a production environment. It is intended for testing purposes only.
Evaluation	This deployment mode mirrors the Default configuration but enables filters in a Permit action set instead of a Block action set (except for Traffic Normalization rules). It is designed for customers who prefer to test filters in Permit mode before transitioning to Block mode.
Core [Deprecated]*	It offers improved performance for devices deployed on the interior of a network, with the expectation that perimeter-facing devices block most malicious Internet traffic.
Edge [Deprecated]*	Ideal for WEB farms and DMZs that typically expose services to the Internet.
Perimeter [Deprecated]*	It offers optimal security for IPS devices deployed on the perimeter of a network and protects the network from general Internet traffic.

NOTE: These three deployment modes will remain in the DV, marked as "Deprecated". The deprecated deployment modes will continue to contain new filters added to the DV. Still, the new filters in the deprecated deployment modes will have the same characteristics as the Default deployment mode going forward. For each Profile, the user can select which Deployment Mode to use, and the TPS will use the appropriate "Recommended" filter configuration for that deployment. Users can always override specific filters or categories, but the Deployment Mode will drive the filter used for any filter configured as "Recommended". Depending upon the customer’s network, tuning the Deployment Mode selected may be necessary.

Remember that when created, all new profiles will default to the "Default" deployment mode. If you wish to change the deployment mode, you will have to select a different deployment mode from the drop-down box. For the most part, the different Deployment Modes change the "Action" setting on the filters from Disabled to Block/Notify.

The following table is an example comparison between Deployment Modes. The number of filters and their posture will be changed with every new DV, so this example is only good for this DV;

DV 4.0.0.9975	Block/-	Block/Notify	Block/Notify/Trace	Disabled	Permit/Notify	Permit/Notify/Trace
Default	39	8976	95	16748	6	-
Security-Optimized	41	19635	389	5794	5	-
Performance-Optimized	43	3286	61	22472	2	-
Evaluation	39	11	-	16748	8971	95

Core [Deprecated]	39	9392	95	16332	6	-
Edge [Deprecated]	39	9395	95	16329	6	-
Perimeter [Deprecated]	43	3286	61	22472	2	-

Was this article helpful?

Featured

Automation Center

Education Portal

Online Help Center

Service Status

TrendConnect

What are SMS Deployment Modes?

What are SMS Deployment Modes?

Product / Version includes:

Summary