Configuring the Threat Suppression Engine (TSE) Settings from the SMS

    • Updated: 20 Nov 2017
    • Product/Version:
        • TippingPoint IPS N-series All
        • TippingPoint IPS NX-series All
        • TippingPoint IPS S-series All
        • TippingPoint SMS All
        • TippingPoint TPS All
        • TippingPoint TX-Series All
        • TippingPoint Virtual SMS
        • TippingPoint Virtual TPS All
    • Platform:
Summary

The TSE is a line-speed, hardware engine that contains all the functions needed for Intrusion Prevention, including IP defragmentation, TCP flow reassembly, statistical analysis, traffic shaping, flow blocking, flow state tracking and application-layer parsing of over 170 network protocols.

The TSE reconstructs and inspects flow payloads by parsing the traffic at the application layer. As each new packet of the traffic flow arrives, the engine re-evaluates the traffic for malicious content. The instant the engine detects malicious traffic, it blocks all current and all subsequent packets pertaining to the traffic flow. Blocking the flow and its packets ensures that the attack never reaches its destination.

You can configure the global settings for the Threat Suppression Engine (TSE). These options include the following:

  • Connection Table Timeout - The value for the global connection table timeout. The valid range is 30-1800 seconds. This value applies to all blocked streams in the connection table, and determines the amount of time that elapses before a blocked connection is cleared from the connection table. Before that period of time elapses, any incoming packets for that stream are blocked at the box. After the connection is cleared, the incoming connection is allowed (if its action set has changed) or re-added to the blocked list. Separate settings are available for TCP and non-TCP traffic.
  • Trusted Streams - Specifies the global timeout interval for the trust table. This value determines the time interval that elapses before the trusted connection is cleared from the trust table.
  • Asymmetric Network - The dynamic sharing and use of bandwidth for increased network traffic performance. If you configure the device through the TSE configuration for an asymmetric network, the SYN flood detection, or DDoS filters, will be disabled. In effect, the TSE will not see both sides of a TCP connection.
  • Quarantine - Specifies the global timeout for the quarantine table. For quarantined hosts in the quarantine table, this value determines the time interval that elapses before the quarantined host is cleared from the quarantine table. After the quarantined host is cleared (the timeout interval expires), quarantined addresses can be automatically released, if that option is selected.
Note: If you unmanage and then remanage a device, the quarantine settings are reset to the default values.
  • GZIP Decompression - When enabled, permits decompression of GZIP HTTP responses.
  • IDS Mode - When enabled, automatically configures the device to operate in a manner similar to an Intrusion Detection System (IDS).
    • Performance protection is disabled.
    • Adaptive Filtering mode is set to Manual.
    • Filters currently set to Block are not switched to Permit, and Block filters can still be set.
Note: You must reboot the device for the change to take effect.
  • HTTP Response Processing - Specifies inspection of encoded HTTP responses.
    • Accelerated inspection of responses: Hardware acceleration is used to detect and decode encoded HTTP responses.
    • Inspection of responses: Enables strict detection and decoding of encoded HTTP responses.
    • Ignore responses: The device does not detect or decode encoded HTTP responses.
  • DNS Reputation - You can return the NXDOMAIN (domain name) response to DNS domain queries blocked by Reputation.
  • HTTP Mode - You can enable HTTP Mode for the device. When enabled, all TCP ports are treated as HTTP ports for inspection purposes. Enable this feature only on devices that primarily handle HTTP traffic so that optimum performance is maintained.
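
A simplified model of the Connection Table Timeout behaviour described above, added here as an illustration and not TippingPoint code: it shows that a stream blocked once stays blocked until its entry expires, even if the action set is changed to permit in the meantime. The class and function names, the sample flow, and the assumption that the timer does not restart on each dropped packet are assumptions of this example.

```python
"""Toy model of the blocked-stream connection table (added illustration)."""
from dataclasses import dataclass, field

MIN_TIMEOUT, MAX_TIMEOUT = 30, 1800  # seconds, the range stated in the article


@dataclass
class BlockedStreamTable:
    tcp_timeout: int = 1800       # assumed values; the article gives only the range
    non_tcp_timeout: int = 1800
    _expiry: dict = field(default_factory=dict)  # flow tuple -> expiry time (s)

    def __post_init__(self):
        for name in ("tcp_timeout", "non_tcp_timeout"):
            value = getattr(self, name)
            if not MIN_TIMEOUT <= value <= MAX_TIMEOUT:
                raise ValueError(f"{name}={value} outside {MIN_TIMEOUT}-{MAX_TIMEOUT} s")

    def _timeout(self, flow):
        # Separate settings exist for TCP and non-TCP traffic
        return self.tcp_timeout if flow[0] == "tcp" else self.non_tcp_timeout

    def handle_packet(self, flow, now, filter_action):
        """Verdict for one packet; filter_action is what the current action set decides."""
        expiry = self._expiry.get(flow)
        if expiry is not None and now < expiry:
            return "block"              # entry still live: dropped regardless of action set
        self._expiry.pop(flow, None)    # entry timed out and is cleared
        if filter_action == "block":
            self._expiry[flow] = now + self._timeout(flow)  # (re-)added to blocked list
            return "block"
        return "permit"                 # action set has changed: connection allowed


def replay(table, flow, events):
    """events: list of (time_s, filter_action); returns the verdict for each packet."""
    return [table.handle_packet(flow, t, action) for t, action in events]


# Constructed sample flow using documentation address ranges
FLOW = ("tcp", "192.0.2.10", 40000, "198.51.100.5", 80)
# Filter blocks at t=0; the action set is changed to permit before t=30
EVENTS = [(0, "block"), (30, "permit"), (59, "permit"), (60, "permit")]

if __name__ == "__main__":
    print(replay(BlockedStreamTable(tcp_timeout=60, non_tcp_timeout=30), FLOW, EVENTS))
```

When tuning the timeout, the trade-off the model makes visible is that a longer value keeps a flagged stream blocked for longer, and also delays recovery of a stream that was blocked by a filter since corrected.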
Details
Procedure:
  1. Log in to the SMS from a client.
  2. On the SMS toolbar, navigate to Devices > All Devices and expand the tab.
  3. Select a device from the display window and do one of the following:
    • Right-click and select Edit > Device Configuration.
    • On the top menu select Edit > Details > Device Configuration.
    • Double-click the device and click on Device Configuration.
  4. On the Device Configuration Wizard screen, click the TSE Settings tab.
  5. The Device Configuration (TSE Settings) screen displays.
  6. Make desired changes.
  7. Click OK to update the device.

Reference: SMS User Guide
Category: Configure; Troubleshoot; Deploy
Solution Id: TP000094011