Ask : IPS Bottleneck Issue

probopurwo
Level 1

Hi all,

Please give me an understanding of the IPS packet flow inspection.

I have a problem with the IPS; it seems like a bottleneck issue.

When I turn on the IPS machine, all processes go down.

But when I turn off the IPS, all processes become normal again.

FYI, I have already set the bypass configuration to ON and set all event action rules to "Produce Alert".

What is the probable cause of my problem?

What should I do with Anomaly Detection? Should I change the AD mode to inactive?

Thank you.

4 Replies

sawgupta
Level 1

What do you mean by "all process being down"?

With Bypass set to ON, IPS should simply pass all traffic without analyzing.

With Event Action set to "Produce Alert", is the alert rate too high? Are there some particular signatures firing a lot? (Check show statistics virtual-sensor.)

Regards,

Sawan Gupta


Thanks, Sawan, for your answer.

First, I want to explain "all process being down": it means that the servers inside the server farm go down when I turn on the IPS.

I have already set bypass to ON on the interface and set all signature actions to Produce Alert, meaning that no inline packet drop/modify is conducted by the IPS sensor, but the servers still cannot operate as well as when the IPS is turned off.

What problem may be occurring?

If Bypass is set to ON, then IPS shouldn't be doing anything. It looks like a configuration issue.

Regards,

Sawan Gupta


Yeah, it should be like that, but actually when I set the bypass to ON, the traffic from the server farm can still operate as well as when the IPS is turned off.

Actually, I just configured the interface pair, one to the ASA and one to the Access-Server Farm.

Before, this configuration operated well, and no problems occurred.

But after deploying some applications inside the server farm, there are so many problems; most of them are that the application processes are "slow" when the IPS is turned ON.

What is the best-practice configuration for the IPS? What do you think?
