With Adaptive Filtering, the Threat Suppression Engine (TSE) automatically manages filter behavior when the IPS device is under extreme load conditions. This feature protects against the potential adverse effects of a filter that interacts poorly with the network environment by preventing the device from entering High Availability mode. Adaptive filtering works by monitoring each filter to identify any suspected of causing congestion. When it identifies a filter, it manages the filter using one of the following methods, depending on how the global or filter-level Adaptive Filtering is configured:
Automatic Mode: This setting enables the IPS device to automatically disable and generate a system message regarding the defective filter.
Manual: This setting enables the IPS device to generate a system message regarding the defective filter. However, the filter is not disabled.
You can configure the global settings for the adaptive filtering. At the filter level, you have the option to disable AFC so that a filter is never impacted by Adaptive Filter settings on the device. You can view the effects of Adaptive Filter Configuration in the table, which displays the filters most recently affected by the Adaptive Filter. You can also manage the global AFC and the filter-level configuration.
IPS LSM
- From the LSM menu, click IPS > Preferences.
- On the IPS Preferences page in the Adaptive Configuration Settings section, select the mode. (Auto or Manual)
- For Log Severity, select the severity of the system log message that is automatically generated when a filter triggers the Adaptive Filter function.(Info, Warn, Error, Critical)
- Click Apply.
TPS LSM
- From the LSM menu, click Reports > Security > Adaptive Filter Control.
- On the Adaptive Filter Control page in the Settings section, select the mode. (Auto or Manual)
- For Log Severity, select the severity of the system log message that is automatically generated when a filter triggers the Adaptive Filter function.(Info, Warn, Error, Critical)
- Click Apply.
Reference: Local Security Manager User's Guide