Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

What is Adaptive Filtering Configuration?

    • Updated:
    • 19 Jul 2019
    • Product/Version:
    • TippingPoint IPS N-series All
    • TippingPoint IPS NX-series All
    • TippingPoint IPS S-series All
    • TippingPoint SMS All
    • TippingPoint TPS All
    • TippingPoint TX-Series All
    • TippingPoint Virtual SMS
    • TippingPoint Virtual TPS All
    • Platform:
Summary
This article discusses what Adaptive Filtering on TippingPoint devices, and how to configure/manage the same.
Details
Public
Adaptive Filtering (AFC) is a device function configured to avoid congestion by automatically disabling filters that trigger excessively. You can configure AFC on individual filters or all filters (at the device level). Edit the filter and clear the Use Adaptive Configuration Settings checkbox if you choose not to submit filters to adaptive filtering. You can view which disabled filters most recently affected by AFC in the Adaptive Filter List.

View AFC filters

View a list of filters that were most recently affected by AFC. IPS devices display the ten most recent filters. TPS devices display the twenty-five most recent filters. The Adaptive Filter List provides the following information:
 
OptionDescription
Device NameDevice name.
Filter TypeSecurity or Application filter.
Filter NameThe name of the filter being managed AFC.
Filter StateEnabled - When selected, this indicates that the filter was once disabled by AFC, cleared by a user, and is now enabled in the engine and will execute the associated action set.

Disabled - If the checkbox is not selected, then this filter has been uninstalled from the engine by AFC.

The device automatically performs a traffic capture when a filter enters AFC. After you clear the filter state, it might still appear on the Adaptive Filter List so that you can download the associated packet capture (PCAP) file.

Procedure:
  1. From the SMS toolbar select Devices > All Devices > Member Summary > Events, and then select the Adaptive Filter tab.
  2. To clear the AFC state on a filter, select the filter(s) and then click Clear Selected Filters. This re-enables the selected filter states. This option is available on IPS devices running any supported TOS, and on TPS devices running TOS version 5.1 and later.
  3. To clear the AFC state on all the device filters, click Clear All. This re-enables every filter state on the device. This option is available only on TPS devices running TOS version 5.1 and later.
  4. To change the AFC setting on a filter, edit the filter.
Configuring a device for adaptive filtering

The Adaptive Filter Configuration (AFC) state enables the Threat Suppression Engine to automatically manage a device. This feature protects against the potential adverse effects of a filter that interacts poorly with the network environment. At the filter level, you have the option to disable adaptive filtering so that a filter is never impacted by the adaptive filter settings on a device. You can also view the filters most recently affected by adaptive filtering in the Adaptive Filter List, and re-enable the filter state.

Procedure:
  1. From the SMS toolbar select Devices > All Devices > device, and then click Device Configuration.
  2. Select AFC Settings.
  3. Select the AFC setting:
    1. Auto - This setting enables the device to disable the defective filter and auto-generate a system message.
    2. Manual - This setting enables the device to generate a system message regarding the filter. However, the filter is not disabled.
  4. Select the severity of the system log message that is generated when a filter triggers the AFC setting configured on a filter.
  5. Click OK.
Premium
Internal
Rating:
Category:
Configure; Troubleshoot; Deploy
Solution Id:
TP000139897
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.