Flow Management Filters are available on the following platforms:
|N-Platform:|660N, 1400N, 2500N, 5100N, 6100N|
|NX-Platform:|2600NX, 5200NX, 6200NX, 7100NX, 7500NX|
|S-Series:|S10, S110, S330|
Flow Management Filters
- 7620: TCP Flow Management (5MB)
- 7621: TCP Flow Management (10MB)
- 7622: TCP Flow Management (100MB)
- 7623: TCP Flow Management (500MB)
- 7624: UDP Flow Management (5MB)
- 7625: UDP Flow Management (10MB)
- 7626: UDP Flow Management (100MB)
- 7627: UDP Flow Management (500MB)
Note: Only one TCP and/or one UDP filter should be enabled.
Trust as an Action Set: Actions are configured under shared settings, where you can create a TRUST or TRUST+NOTIFY action set and then assign it to any DV filter. If traffic matches a filter with an action set of TRUST, a trusted stream is created, and that flow passes through the IPS uninspected until the trusted stream times out (default 30 minutes). Trusted streams are also shared with the partner IPS in a TRHA configuration.
Implementation and Management
Best practice calls for the Traffic Management Filter to be set to a TRUST action. During the initial configuration and observation period, however, the filter should be set to an action of TRUST+NOTIFY. After the system has been verified to be working properly, the filter should be set to TRUST.
Note: Setting the filter to PERMIT+NOTIFY is not the recommended action for these filters.
You may view the TRUSTED streams table at the following locations:
- SMS: the TRUSTED STREAMS table, via the Devices->"IPS"->Events->Trusted Streams tab
- LSM: via Events->Managed Streams->Trusted Streams
IPS CLI command: "show np tier"
Tx trust packets/sec = 0.0 (0.0)
Rx Mbps = 72.8 (130.8)
Rx packets/sec = 9,663.0 (53,792.0)