Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

What is Symmetric vs. Asymmetric mode?

    • Updated:
    • 9 Dec 2020
    • Product/Version:
    • TippingPoint IPS N-series All
    • TippingPoint IPS NX-series All
    • TippingPoint IPS S-series All
    • TippingPoint TPS All
    • TippingPoint Virtual TPS All
    • Platform:
Summary

Asymmetric Network: An asymmetric network has multiple routes for incoming and outgoing network traffic. As such traffic takes a different route when entering or exiting the network.

Symmetric Network: A symmetric network has a single route for incoming and outgoing network traffic. As such traffic takes the same route when entering or the network.

Details
Public

It is very common for traffic to be asymmetrical in both Service Provider and larger Enterprise networks due to the nature of routing within a large, complex environment that has multiple entry and exit points. Since the bulk of the IPS filters are flow-based (meaning state kept per-flow versus per session), attacks are detected in either send or receive directions.

By default, TippingPoint IPS devices are shipped in Asymmetric mode while TPS devices are shipped in Symmetric mode. When using Advanced Distributed Denial of Service (DDoS) protection filters, or performing SSL inspection, the device must be able to see both sides of the traffic flow. This is configured in the TPS Device Configuration (TSE Settings) tab.

DDoS filters - Infrastructure protection filters that detect DDoS attacks that flood a network with requests, including traditional SYN floods, DNS request floods against nameservers, and attempts to use protected systems as reflectors or amplifiers in attacks against third parties. Advanced Distributed Denial of Service (DDoS) filters enable you to create filters for detecting denial of service attacks.

Note: DDoS protection filters are enabled by enabling SYN Proxy and specifying the Threshold level in the Profiles area of the SMS. No other Advanced DDoS options on the SMS are available.

Premium
Internal
Partner
Rating:
Category:
Configure; Troubleshoot; Deploy
Solution Id:
TP000086251
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.