Configure the global settings for the Threat Suppression Engine (TSE). These options include the following:
  • Connection Table Timeout — The value for the global connection table timeout, in the range 30 to 1800 seconds. This value applies to all blocked streams in the connection table and determines how much time elapses before a blocked connection is cleared from the table. Until that period elapses, any incoming packets for that stream are blocked at the device. After the connection is cleared, the incoming connection is allowed (if its action set has changed) or re-added to the blocked list. Separate settings are available for TCP and non-TCP traffic.
  • Trusted Streams — Specifies the global timeout interval for the trust table. This value determines the time interval that elapses before a trusted connection is cleared from the trust table.
  • Asymmetric Network — The dynamic sharing and use of bandwidth for increased network traffic performance. If you configure the TSE for an asymmetric network, SYN flood detection and the DDoS filters are disabled, because the TSE does not see both sides of a TCP connection. SSL inspection cannot occur in asymmetric mode. Consult your device documentation for the list of additional filters that cannot run in asymmetric mode.
  • Quarantine — Specifies the global timeout for the quarantine table. For hosts in the quarantine table, this value determines the time interval that elapses before the quarantined host is cleared from the table. After the quarantined host is cleared (the timeout interval expires), quarantined addresses can be released automatically, if that option is selected.
    Note
    If you unmanage and then remanage a device, the quarantine settings are reset to the default values.
  • GZIP Decompression — When enabled, permits decompression of GZIP HTTP responses.
  • IDS Mode — When enabled, automatically configures the device to operate in a manner similar to an Intrusion Detection System (IDS):
    • Performance protection is disabled. As a best practice, enable this option and set it to Always.
    • Adaptive Filtering mode is set to Manual.
    • Filters currently set to Block are not switched to Permit, and Block filters can still be set.
    Note
    Using an IPS/TPS device in a mixed configuration is not supported. When an IPS/TPS device is used in an IDS configuration, then it is an IDS device. Use the IPS/TPS as either an IDS device or an IPS device, but not both.
    Note
    You must reboot the device for any changes to take effect.
  • HTTP Response Processing — Specifies how encoded HTTP responses are inspected:
    • Accelerated inspection of responses: Hardware acceleration is used to detect and decode encoded HTTP responses.
    • Inspection of responses: Enables strict detection and decoding of encoded HTTP responses.
    • Ignore responses: The device does not detect or decode encoded HTTP responses.
      Note
      Some of these options are only available on TPS devices and IPS devices running specific TOS 3.2.x versions.
  • Domain Reputation — Applies domain name reputation rules to traffic:
    • Domain Reputation - NXDOMAIN: Return the NXDOMAIN response to DNS domain queries blocked by Reputation.
    • Domain Reputation - TLS: Apply Domain Reputation entries to TLS SNI traffic.
    • Domain Reputation - HTTP: Apply Domain Reputation entries to HTTP traffic.
    • Domain Reputation - DNS: Apply Domain Reputation entries to DNS traffic.
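As an added illustration (not TippingPoint or SMS code), the following Python model shows the Connection Table Timeout behaviour described above: a blocked stream stays blocked until its TCP or non-TCP timeout elapses, the entry is then cleared, and the next packet is re-evaluated against the current action set, being permitted or re-added to the blocked list. The stream keys, timeout values and the `action_for_stream` callback are constructed for the demonstration.

```python
# Constructed model of the TSE connection table timeout semantics (not vendor code).
MIN_TIMEOUT, MAX_TIMEOUT = 30, 1800  # valid range for the global timeout, in seconds


def validate_timeout(seconds: int) -> int:
    """Reject timeout values outside the 30-1800 second range the setting accepts."""
    if not MIN_TIMEOUT <= seconds <= MAX_TIMEOUT:
        raise ValueError(
            f"connection table timeout must be {MIN_TIMEOUT}-{MAX_TIMEOUT} s, got {seconds}"
        )
    return seconds


class ConnectionTable:
    """Tracks blocked streams with separate TCP and non-TCP timeouts."""

    def __init__(self, tcp_timeout: int, other_timeout: int) -> None:
        self.tcp_timeout = validate_timeout(tcp_timeout)
        self.other_timeout = validate_timeout(other_timeout)
        # stream key -> time (seconds) at which the block was recorded
        self._blocked: dict[tuple, float] = {}

    def block(self, stream: tuple, now: float) -> None:
        """Record a stream (proto, src, dst, sport, dport) as blocked at time `now`."""
        self._blocked[stream] = now

    def handle_packet(self, stream: tuple, now: float, action_for_stream) -> str:
        """Return 'blocked', 'permitted' or 'reblocked' for a packet on `stream`.

        action_for_stream(stream) models the stream's current action set and
        returns 'block' or 'permit'; it is only consulted once the entry has expired.
        """
        timeout = self.tcp_timeout if stream[0] == "tcp" else self.other_timeout
        if stream in self._blocked:
            if now - self._blocked[stream] < timeout:
                return "blocked"        # still in the table: dropped without re-inspection
            del self._blocked[stream]   # timeout elapsed: entry cleared from the table
        if action_for_stream(stream) == "block":
            self.block(stream, now)     # action set unchanged: re-added to the blocked list
            return "reblocked"
        return "permitted"              # action set changed: connection now allowed
```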