Verifying and tuning Inspection Policy elements

Tuning increases the relevancy and accuracy of the findings that the system generates.

The most common way to introduce inspection is to start with a default Inspection Policy element. Tuning the policy is important, because a general policy that is meant to work in all environments is not necessarily suited to your particular network environment. A tuning period is needed to activate and deactivate inspection checks based on the findings and your needs.

To help with policy tuning, you can use the passive termination feature. When passive termination is used, the engine creates a special log entry that notes that a certain connection would have been terminated. However, the engine does not actually terminate the connection. This allows you to check the logs and adjust your policy without the risk of cutting important business communications. You can activate this feature at two levels:
  • Passive termination can be activated globally in the engine’s properties for the initial policy tuning.
  • Later on, you can test newly added Situations by setting individual Exception rules to passive termination mode.
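
One way to review passive-termination log entries during the tuning period, shown as an added example that is not part of the product documentation: the script groups would-have-terminated entries by Situation and flags those that touched hosts you mark as business-critical. The CSV column names, the `Terminate (passive)` action value, the Situation names and the addresses are constructed assumptions; map them to your actual log export.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export. Column names, Situation names and the action
# value are assumptions for this example, not the product's log schema.
PASSIVE_ACTION = "Terminate (passive)"
SAMPLE_LOG = """\
situation,src,dst,dst_port,action
SITUATION_A,10.0.0.5,192.0.2.10,443,Terminate (passive)
SITUATION_A,10.0.0.6,192.0.2.10,443,Terminate (passive)
SITUATION_A,10.0.0.5,192.0.2.10,443,Terminate (passive)
SITUATION_B,10.0.0.7,198.51.100.20,80,Terminate (passive)
SITUATION_C,10.0.0.8,192.0.2.10,443,Permit
SITUATION_B,10.0.0.7,198.51.100.21,80,Terminate (passive)
"""


def triage(log_text, critical_dsts):
    """Summarize would-have-terminated entries per Situation."""
    hits = defaultdict(lambda: {"count": 0, "flows": set(), "critical": set()})
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["action"].strip() != PASSIVE_ACTION:
            continue  # only entries the engine would have terminated
        h = hits[row["situation"]]
        h["count"] += 1
        h["flows"].add((row["src"], row["dst"], row["dst_port"]))
        if row["dst"] in critical_dsts:
            h["critical"].add(row["dst"])
    report = {}
    for situation, h in hits.items():
        report[situation] = {
            "count": h["count"],
            "distinct_flows": len(h["flows"]),
            "critical_dsts": sorted(h["critical"]),
            # Heuristic: a hit on a critical host needs a human decision
            # (true finding or false positive) before termination goes live.
            "verdict": "review-first" if h["critical"] else "candidate-to-enforce",
        }
    return report


if __name__ == "__main__":
    for name, info in sorted(triage(SAMPLE_LOG, {"192.0.2.10"}).items()):
        print(name, info)
```

A `review-first` verdict does not mean the Situation is a false positive, only that enforcing it would have cut traffic to a host you care about, so the finding should be examined before passive mode is switched off.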

To cautiously introduce new Situations delivered in dynamic update packages, you can use the Tags for the five most recent updates (Situations > By Tag > By Situation Tag > Recent Updates).