Configure advanced properties for IPS interfaces

Advanced settings allow you to configure SYN Rate Limits and Log Compression on the IPS engine’s interfaces.

SYN Rate Limits are applied to TCP connections. Each TCP connection starts with a SYN packet. If the SYN Rate Limits defined for the IPS engine are reached, the IPS engine drops new TCP connections.

Log Compression is useful when the number of Discard logs becomes high (for example, as a result of a SYN flood attack).

Note: The SYN Rate Limits and Log Compression settings in the interface properties override the general SYN Rate Limits and Log Compression settings that are defined in the Engine Editor.

  For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Right-click a Single IPS or IPS Cluster and select Edit <element type>.
    The Engine Editor opens.
  2. In the navigation pane on the left, select Interfaces.
    The Interfaces pane opens on the right.
  3. Right-click a Physical Interface or a VLAN Interface and select Edit Physical Interface or Edit VLAN Interface.
    The properties dialog box for the interface opens.
  4. Switch to the Advanced tab.
  5. Select Override Engine’s Default Settings.
    The options for SYN Rate Limits and Log Compression are enabled.
  6. (Optional) Define the SYN Rate Limits.
    CAUTION:
    The recommended values for the SYN Rate Limits depend on your network environment. If the Custom settings are not carefully configured, the capacity of the engine might suffer or SYN Rate Limits might not work correctly.
  7. (Optional) Enable Log Compression and enter values for the Discard entries.

    Do not enable Log Compression if you want all Discard entries to be logged as separate log entries (for example, for reporting purposes or for engine statistics).

    By default, each generated Discard log entry is logged separately and displayed as a separate entry in the Logs view. Log Compression settings allow you to define the maximum number of separately logged entries. When the defined limit is reached, a single Discard log entry is logged. The single entry contains information about the total number of the generated Discard log entries. After this, the logging returns to normal and all generated entries are once more logged and displayed separately.

  8. Click OK.
  9. Click Save and Refresh to transfer the configuration changes.
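
The Log Compression behavior described in step 7, modeled as an added example (not product code and not the product's log format). It assumes the limit applies per one-second interval and that the summary entry carries that interval's total; the record fields and function names are hypothetical. It shows what stays visible in the logs during a burst of Discard entries and what is lost for reporting.

```python
from collections import defaultdict

WINDOW = 1.0  # assumption: the limit is evaluated per one-second interval

def compress_discards(events, max_separate):
    """Model of the described behaviour; events are (timestamp, src_ip) tuples."""
    buckets = defaultdict(list)
    for ts, src in events:
        buckets[int(ts // WINDOW)].append((ts, src))
    records = []
    for idx in sorted(buckets):
        batch = buckets[idx]
        # Up to the limit, every Discard entry is logged separately.
        for ts, src in batch[:max_separate]:
            records.append({"time": ts, "type": "discard", "src": src})
        # Past the limit, one entry reports the interval's total (assumed field).
        if len(batch) > max_separate:
            records.append({"time": batch[max_separate][0],
                            "type": "summary", "total": len(batch)})
    return records

def discard_totals(records):
    """Recover per-interval Discard counts from the compressed records."""
    totals = defaultdict(int)
    for rec in records:
        idx = int(rec["time"] // WINDOW)
        if rec["type"] == "summary":
            totals[idx] = rec["total"]  # replaces the separately counted entries
        else:
            totals[idx] += 1
    return dict(totals)

def visible_sources(records):
    """Source addresses that still appear in individual entries."""
    return {rec["src"] for rec in records if rec["type"] == "discard"}

def sample_events():
    """Constructed input: quiet second, 500-entry burst, quiet second."""
    quiet = [(0.2, "192.0.2.10"), (0.7, "192.0.2.10"), (2.4, "192.0.2.10")]
    burst = [(1.0 + i * 0.001, f"198.51.100.{i % 250 + 1}") for i in range(500)]
    return sorted(quiet + burst)

if __name__ == "__main__":
    logs = compress_discards(sample_events(), max_separate=5)
    print(len(logs), "records for", sum(discard_totals(logs).values()), "discards")
    print(len(visible_sources(logs)), "of 251 source addresses visible")
```

In this model the discard count survives compression, but the per-entry detail of everything past the limit does not, which is why step 7 advises against enabling it when each Discard entry is needed for reporting.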