SMS High Availability: The Security Management System (SMS) can be configured to operate in a two-node, high availability (HA) cluster, increasing availability of the SMS server in case an unexpected event causes the primary SMS server to fail or become inaccessible. The SMS HA cluster consists of two SMS servers, one designated as the active (primary) SMS server, the other designated as the passive (secondary) SMS server.
Flow Management Filters are a special set of policy-based DV filters which 'match' once a certain amount of traffic has passed. These filters are to be used in conjunction with TRUST as an Action. Most attacks occur in the first few bytes of a flow; using these filters you can trust a flow after the flow has been clean for the first 5, 10, 100, or 500MB of transferred data. When a filter match occurs, the stream is placed in the Trusted Streams table.
Intrinsic HA, also known as 'Layer 2 Fallback' (L2FB), is a mode wherein the IPS will pass traffic from one interface to its partner without inspecting the traffic. If an internal failure is detected, the device goes into L2FB mode and either permits or blocks all traffic on each segment, depending on the preference of the network administrator.
Transparent High Availability (TRHA) allows the user to install two IPS devices in a redundant network configuration. Transparent HA keeps the devices in sync with each other so that if one experiences a system failure, the network flow can be routed to the other with no interruption in intrusion prevention services. Transparent HA requires you to configure two IPS devices with the same settings.
Zero Power High Availability (ZPHA) technology ensures a constant, uninterrupted flow of network traffic. If the power to the IPS is interrupted, the ZPHA bypasses the IPS device, thus providing continuous (but uninspected) network traffic. The ZPHA modules include a set of relays (contacts for copper and mirrors for fiber) for receiving network traffic from a network device, routing the traffic through the device, and sending it back out to a network device. The network device could be a switch, a single workstation, a server, or other network devices. Be aware that ZPHA technology is not “hitless”: while the relays are being switched over, you will suffer some traffic loss. Note: VLAN Translation is not supported by the ZPHA modules.
Traffic Management filters are manually created filters that react to traffic based on a limited set of parameters including source/destination IP, port number, protocol, or other defined values. You can set up different actions like Trust, Allow, Block, and Rate limit.
Inspection Bypass is a feature available in the Trend Micro TippingPoint devices that, once enabled, allows traffic to bypass the device inspection engine. Any traffic that matches an inspection bypass rule is directed through the device without further inspection. In addition, traffic that is passed with an inspection bypass rule does not count against the maximum traffic capacity of the device.
Scan/Sweep Filters track the number of port scan and host sweep attempts from a single source IP address. These filters have threshold values that can be configured per Security Profile and per filter. The filter becomes active when the number of connection attempts from a source IP address exceeds the threshold. Host scans and port sweeps are blocked through the Quarantine feature.
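The per-source threshold logic described for Scan/Sweep Filters can be illustrated with the sketch below, which is an added example and not TippingPoint's implementation. The 60-second window, the threshold of 10, the event tuple format, the function name `detect_scans`, and the `port_scan`/`host_sweep` labels are assumptions; the sample events are constructed.

```python
from collections import defaultdict

# Constructed sample events: (timestamp_seconds, src_ip, dst_ip, dst_port)
SAMPLE_EVENTS = (
    [(i, "198.51.100.7", "10.0.0.5", 20 + i) for i in range(12)]        # one host, many ports
    + [(i, "203.0.113.9", f"10.0.0.{10 + i}", 445) for i in range(12)]  # many hosts, one port
    + [(i * 5, "192.0.2.44", "10.0.0.5", 443) for i in range(12)]       # repeat visits, benign
)

def detect_scans(events, threshold=10, window=60):
    """Return {src_ip: (kind, first_trigger_time)} for sources over threshold.

    kind is 'port_scan' when one source touches more than `threshold` distinct
    ports on a single host inside `window` seconds, and 'host_sweep' when it
    touches more than `threshold` distinct hosts on a single port.
    (Assumed semantics for illustration; the product's counters may differ.)
    """
    recent = defaultdict(list)   # src -> [(ts, dst, port)] still inside the window
    quarantined = {}
    for ts, src, dst, port in sorted(events):
        if src in quarantined:
            continue  # source already quarantined; later attempts would be blocked
        hits = [e for e in recent[src] if ts - e[0] < window]
        hits.append((ts, dst, port))
        recent[src] = hits
        ports_per_host = defaultdict(set)
        hosts_per_port = defaultdict(set)
        for _, d, p in hits:
            ports_per_host[d].add(p)
            hosts_per_port[p].add(d)
        if max(len(s) for s in ports_per_host.values()) > threshold:
            quarantined[src] = ("port_scan", ts)
        elif max(len(s) for s in hosts_per_port.values()) > threshold:
            quarantined[src] = ("host_sweep", ts)
    return quarantined

if __name__ == "__main__":
    for src, (kind, ts) in detect_scans(SAMPLE_EVENTS).items():
        print(f"{src}: {kind} at t={ts}s -> quarantine")
```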