Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Fabz
Contributor

Performace Impact Question

Hi Checkmates,

im looking for what is the best practice config for IPS. Digging more details about confidence levels and perfomance impact and wanna know the correlate with these feature.

  • checking admin guide about Performance Impact and found this : "

    Note - The Performance Impact of protections is rated based on how they affect Security Gateways that run R80.30 version and above. The Performance Impact on other Security Gateways may be different than the rating listed on the protection.

    For example, you might want to make sure that protections that have a Critical or High Performance Impact are not activated unless they have a Critical or High Severity, or you know the protection is necessary." Can anyone explain in the simple term about the example?

  • Performance impact with high or critical, is it means that all traffic will be analyze? I mean, if we put low so it should IPS engine will analyze a few of payload not all payload?
  • Above question comes to my mind to know about the correlation between Confidence Level with Performance Impact. 

 

Gracias!

0 Kudos
4 Replies
the_rock
Legend
Legend

Personally, I always tell customers to use CP optimized IPS profile. I find it works the best and it requires least "tweaking"

In my own lab, I just close optimized one and ONLY make syre ips is enabled.

Andy

0 Kudos
Chris_Atkinson
Employee Employee
Employee

In current version you can leverage HCP to help determine if specific protections are causing load then you can assess their relevance to your environment and act accordingly by disabling them etc. 

CCSM R77/R80/ELITE
0 Kudos
PhoneBoy
Admin
Admin

Performance Impact refers to the impact when the particular protection is triggered by received traffic.
Some protections have a higher impact to enforce on our gateways than others.

Confidence Level refers to how likely the protection will catch malicious traffic versus false positives.
Confidence Level does not correlate with Performance Impact.

0 Kudos
Timothy_Hall
Legend Legend
Legend

This important topic is covered in both my Gateway Performance Optimization Course and R81.20 IPS/AV/ABOT Immersion Course, in basic terms the Performance Impact rating for each protection/signature indicates what level of acceleration will be possible for traffic that must be scanned looking for the presence of that signature:

thepaths.png

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events