What to expect when ASA AIP SSM reaches maximum throughput?

Unanswered Question
Mar 16th, 2009
User Badges:

Hi,

I'm just curious what happens to traffic when you have an IPS module in an ASA and it reaches the maximum throughput?


Does it allow the traffic & only inspects what it can handle? Or does it "fail" and then either allows all the traffic or block based on "fail-open" or "fail-close" configuration?


Thanks,

Brad

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
marcabal Thu, 03/19/2009 - 14:34
User Badges:
  • Cisco Employee,


When the sensor (SSM or any other sensor) is oversubscribed and the sensor is monitoring Inline, then a portion of the traffic will be Dropped.

The traffic will not be allowed through if it has not been inspected.


The "fail-open", "fail-close", and "bypass" are not relevant when talking about over subscription.


The only time the "fail-open", "fail-close", or "bypass" configurations comes into play is if the sensor can not do ANY analysis (either a failure, or an upgrade in progress).



Actions

This Discussion