Views:
Deployment Mode Comments
Default It balances high-quality security and appliance performance and is suitable for most deployments.
Security
-Optimized
It favors additional security over network performance or application adherence to protocol standards and is a subset of the Hyper-Aggressive deployment mode. Enables more Zero Day Initiative (ZDI) protection than other deployment modes.
Performance
-Optimized
This deployment mode emphasizes network performance over security and is not recommended for use in a production environment. It is intended for testing purposes only.
Evaluation This deployment mode mirrors the Default configuration but enables filters in a Permit action set instead of a Block action set (except for Traffic Normalization rules). It is designed for customers who prefer to test filters in Permit mode before transitioning to Block mode.
Core [Deprecated]* It offers improved performance for devices deployed on the interior of a network, with the expectation that perimeter-facing devices block most malicious Internet traffic.
Edge [Deprecated]* Ideal for WEB farms and DMZs that typically expose services to the Internet.
Perimeter [Deprecated]* It offers optimal security for IPS devices deployed on the perimeter of a network and protects the network from general Internet traffic.
 

NOTE: These three deployment modes will remain in the DV, marked as "Deprecated". The deprecated deployment modes will continue to contain new filters added to the DV. Still, the new filters in the deprecated deployment modes will have the same characteristics as the Default deployment mode going forward. For each Profile, the user can select which Deployment Mode to use, and the TPS will use the appropriate "Recommended" filter configuration for that deployment. Users can always override specific filters or categories, but the Deployment Mode will drive the filter used for any filter configured as "Recommended". Depending upon the customer’s network, tuning the Deployment Mode selected may be necessary.

Remember that when created, all new profiles will default to the "Default" deployment mode. If you wish to change the deployment mode, you will have to select a different deployment mode from the drop-down box. For the most part, the different Deployment Modes change the "Action" setting on the filters from Disabled to Block/Notify.

The following table is an example comparison between Deployment Modes. The number of filters and their posture will be changed with every new DV, so this example is only good for this DV;

DV 4.0.0.9975 Block/- Block/Notify Block/Notify/Trace Disabled Permit/Notify Permit/Notify/Trace
Default 39 8976 95 16748 6 -
Security-Optimized 41 19635 389 5794 5 -
Performance-Optimized 43 3286 61 22472 2 -
Evaluation 39 11 - 16748 8971 95
 
Core
[Deprecated]
39 9392 95 16332 6 -
Edge
[Deprecated]
39 9395 95 16329 6 -
Perimeter
[Deprecated]
43 3286 61 22472 2 -