How do I configure Adaptive Filter Configuration (AFC) settings from the LSM?

- Updated:
- 18 Sep 2017
- Product/Version:
- TippingPoint IPS N-series All
- TippingPoint IPS NX-series All
- TippingPoint IPS S-series All
- TippingPoint NGFW All
- TippingPoint SecBlade All
- TippingPoint TPS All
- TippingPoint Virtual TPS All
- Platform:

Summary

With Adaptive Filtering, the Threat Suppression Engine (TSE) automatically manages filter behavior when the IPS device is under extreme load conditions. This feature protects against the potential adverse effects of a filter that interacts poorly with the network environment by preventing the device from entering High Availability mode. Adaptive filtering works by monitoring each filter to identify any suspected of causing congestion. When it identifies a filter, it manages the filter using one of the following methods, depending on how the global or filter-level Adaptive Filtering is configured:

Automatic Mode: This setting enables the IPS device to automatically disable and generate a system message regarding the defective filter.

Manual: This setting enables the IPS device to generate a system message regarding the defective filter. However, the filter is not disabled.

Details

You can configure the global settings for the adaptive filtering. At the filter level, you have the option to disable AFC so that a filter is never impacted by Adaptive Filter settings on the device. You can view the effects of Adaptive Filter Configuration in the table, which displays the filters most recently affected by the Adaptive Filter. You can also manage the global AFC and the filter-level configuration.

IPS LSM

From the LSM menu, click IPS > Preferences.
On the IPS Preferences page in the Adaptive Configuration Settings section, select the mode. (Auto or Manual)
For Log Severity, select the severity of the system log message that is automatically generated when a filter triggers the Adaptive Filter function.(Info, Warn, Error, Critical)
Click Apply.

TPS LSM

From the LSM menu, click Reports > Security > Adaptive Filter Control.
On the Adaptive Filter Control page in the Settings section, select the mode. (Auto or Manual)
For Log Severity, select the severity of the system log message that is automatically generated when a filter triggers the Adaptive Filter function.(Info, Warn, Error, Critical)
Click Apply.

Reference: Local Security Manager User's Guide

Rating:

Category:

Configure; Troubleshoot; Deploy

Solution Id:

TP000090148

Feedback

Did this article help you?

Thank you for your feedback!

What was the problem with this article?

The image(s) in the article did not display properly.

The article did not provide detailed procedure.

The article is hard to understand and follow.

The video did not play properly.

The article did not resolve my issue.

Others. Please specify.

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:

We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

Thanks for voting.

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:

We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

Need More Help?

How do I configure Adaptive Filter Configuration (AFC) settings from the LSM?