|Flow Management Filters are a special set of policy based DV filters which 'match' once a certain amount of traffic has passed, these filters are to be used in conjunction with TRUST as an Action. Most attacks occur in the first few bytes of a flow; using these filters you can trust a flow after the flow has been clean for the first 5, 10, 100 or 500MB of transferred data. So when a filter match occurs, the stream will be placed in the Trusted Streams table.|
|Intrinsic HA, also known as 'Layer 2 Fallback' (L2FB), is a mode wherein the IPS will pass traffic from one interface to its partner without inspecting the traffic. If an internal failure is detected, the device goes into L2FB mode and either permits or blocks all traffic on each segment, depending on the preference of the network administrator.|
Transparent High Availability (TRHA) allows the user to install two IPS devices in a redundant network configuration. Transparent HA keeps the devices in sync with each other so that if one experiences a system failure, the network flow can be routed to the other with no interruption in intrusion prevention services. Transparent HA requires you to configure two IPS devices with the same settings.
|Zero Power High Availability (ZPHA) technology ensures constant, non-interrupted flow of network traffic. If power to the IPS is interrupted, the ZPHA bypasses the IPS device, thus providing continuous (but uninspected) network traffic. The ZPHA modules include a set of relays (contacts for copper and mirrors for fiber) for receiving network traffic from a network device, routing the traffic through the device, and sending it back out to a network device. The network device could be a switch, a single workstation, a server, or other network device. Be aware that ZPHA technology is not “hitless” as when relays are being switched over you will suffer some traffic loss. Note: VLAN Translation is not supported by the ZPHA modules.|
|Traffic Management are manually created filters that react to traffic based on a limited set of parameters including source/destination IP, port number, protocol, or other defined values. You can setup different actions like Trust, Allow, Block and Rate limit.|
|Inspection Bypass is a feature available in the Trend Micro TippingPoint devices that once enabled will allow traffic to bypass the device inspection engine. Any traffic that matches an inspection bypass rule is directed through the device without further inspection. In addition, traffic that is passed with an inspection bypass rules does not count against the maximum traffic capacity of the device.|
Need More Help?
Create a technical support case if you need further support.
TippingPoint 'How to Videos'
Category:Configure; Troubleshoot; Deploy
Thank you for your feedback!