IAB Options
State
Enables or disables IAB.
Performance Sample Interval
Specifies the time in seconds between IAB performance sampling scans, during which the system collects system performance metrics for comparison to IAB performance thresholds. A value of 0 disables IAB.
Bypassable Applications and Filters
This feature provides two mutually exclusive options:
- Applications/Filters: Provides an editor where you can specify bypassable applications and sets of applications (filters). See Application Rule Conditions.
- All applications including unidentified applications: When an inspection performance threshold is exceeded, trusts all traffic that exceeds any flow bypass threshold, regardless of application type, including traffic the system could not identify.
Performance and Flow Thresholds
You must configure at least one inspection performance threshold and at least one flow bypass threshold. When a performance threshold is exceeded, the system evaluates the flow bypass thresholds and, if one of those is also exceeded, trusts the matching bypassable traffic. Within each group the thresholds are combined with OR: if you configure several performance thresholds, exceeding any one of them counts, and the same applies to flow bypass thresholds. Only one threshold from each group needs to be exceeded at the same time.
Inspection performance thresholds set limits on intrusion inspection performance that, when exceeded, cause IAB to evaluate the flow bypass thresholds. IAB ignores any inspection performance threshold set to 0. You can configure one or more of the following inspection performance thresholds:
- Drop Percentage: Average packets dropped as a percentage of total packets, counting only packets dropped because of performance overload caused by expensive intrusion rules, file policies, decompression, and so on. It does not count packets dropped by a configured action, such as an intrusion rule that drops matching traffic. Specifying an integer greater than 1 activates IAB when that percentage of packets is dropped. Specifying 1 activates IAB at any drop percentage from 0 through 1, so even a small number of dropped packets activates IAB.
- Processor Utilization Percentage: Average percentage of processor resources used.
- Packet Latency: Average packet latency in microseconds.
- Flow Rate: The rate at which the system processes flows, in flows per second. This threshold measures the flow rate, not the number of concurrent flows.
Flow bypass thresholds set per-flow limits that, when exceeded while a performance threshold is also exceeded, cause IAB to trust bypassable application traffic (bypass mode) or, in test mode, to keep inspecting that traffic while identifying the flows that would have been trusted. Because a trusted flow receives no further inspection for the rest of its life, run IAB in test mode first and review which applications and flows would be bypassed before switching to bypass mode. IAB ignores any flow bypass threshold set to 0. You can configure one or more of the following flow bypass thresholds:
- Bytes per Flow: The maximum number of kilobytes a flow can include.
- Packets per Flow: The maximum number of packets a flow can include.
- Flow Duration: The maximum number of seconds a flow can remain open.
- Flow Velocity: The maximum transfer rate in kilobytes per second.