set ips engine-settings

In the R82.00.X releases, this command is available starting from the R82.00.00 version.

Description

Configures advanced IPS engine settings. This command configures if and when IPS will deactivate upon high resource consumption of the device.

Syntax

set ips engine-settings [ protection-scope <protection-scope> ] [ bypass-under-load { true [ bypass-track <bypass-track>] [ gateway-load-thresholds [ cpu-usage-low-watermark <cpu-usage-low-watermark>] [ cpu-usage-high-watermark <cpu-usage-high-watermark> ] [ memory-usage-low-watermark <memory-usage-low-watermark> ] [ memory-usage-high-watermark <memory-usage-high-watermark> ] [ threshold-detection-delay <threshold-detection-delay> ] ] | false } ]

Parameters

Parameter

Description

bypass-track

Indicates how the appliance will track events where the bypass mechanism is activated/deactivated

Options: none, log, alert

bypass-under-load

Indicates if the IPS engine will move to bypass mode if the appliance is under heavy load

Type: Boolean (true/false)

protection-scope

Indicates if the IPS blade will protect internal networks only or protect all networks (including external networks)

Options: protect-internal-hosts-only, perform-ips-inspection-on-all-traffic

Example Command

set ips engine-settings protection-scope protect-internal-hosts-only bypass-under-load true bypass-track none gateway-load-thresholds cpu-usage-low-watermark 75 cpu-usage-high-watermark 80 memory-usage-low-watermark 75 memory-usage-high-watermark 80 threshold-detection-delay 90