
How to Tune the IPS

Question asked by Prashan Attanayake on Oct 25, 2017
Latest reply on Feb 7, 2018 by Edes Leandro Cardoso

Hi Team,

Can anyone share knowledge of how to fine-tune the IPS? Currently our IPS is in recommended protection, and most of the signatures are in Detect mode.

How do you fine-tune the IPS based on Critical, High, Medium?

Can anyone guide me to fine-tune the IPS?

Because we are getting these messages regularly:

Oct 26 09:45:52 2017 DC-IRDOFW2 kernel: [fw4_1];FW-1: [cul_load_freeze_on_remote][CUL - Cluster] CUL state is ON for 0 seconds, remote Member 0 reporting high kernel CPU usage (100%), threshold=80%, local kernel CPU usage is 0%


Oct 26 09:45:52 2017 DC-IRDOFW2 last message repeated 6 times


Oct 26 09:45:53 2017 DC-IRDOFW2 kernel: [fw4_1];FW-1: [cul_load_freeze_on_remote][CUL - Cluster] CUL state is ON for 1 seconds, remote Member 0 reporting high kernel CPU usage (100%), threshold=80%, local kernel CPU usage is 1%


Oct 26 09:45:53 2017 DC-IRDOFW2 last message repeated 6 times


Oct 26 09:45:53 2017 DC-IRDOFW2 kernel: [fw4_1];FW-1: [cul_load_freeze_on_remote][CUL - Cluster] Changing CUL state to ON due to high CPU usage (100%) on remote Member 0, threshold = 80%, local kernel CPU usage is 1%


Oct 26 09:45:54 2017 DC-IRDOFW2 kernel: [fw4_1];FW-1: [cul_load_freeze_on_remote][CUL - Cluster] CUL state is ON for 2 seconds, remote Member 0 reporting high kernel CPU usage (100%), threshold=80%, local kernel CPU usage is 0%


Oct 26 09:45:54 2017 DC-IRDOFW2 last message repeated 6 times


Oct 26 09:46:02 2017 DC-IRDOFW2 kernel: [fw4_1];FW-1: [cul_load_freeze][CUL - Cluster] CUL should be OFF (short timeout of 10 seconds expired) but at least one member reported high CPU usage 5 seconds ago


Oct 26 09:46:03 2017 DC-IRDOFW2 kernel: [fw4_1];FW-1: [cul_load_freeze][CUL - Cluster] CUL should be OFF (short timeout of 10 seconds expired) but at least one member reported high CPU usage 6 seconds ago


Oct 26 09:46:04 2017 DC-IRDOFW2 kernel: [fw4_1];FW-1: [cul_load_freeze][CUL - Cluster] CUL should be OFF (short timeout of 10 seconds expired) but at least one memb
