User guide
Chapter 9: Configuring Other Intrusion Prevention Settings
110
Configuring Global Tuning Parameters
Introduction Global tuning parameters affect intrusion prevention settings at the group and site levels.
Use Global Tuning Parameters to configure (or tune) certain parameters and apply them
globally to a group of appliances to better meet your security needs or enhance the
performance of the hardware. Generally, you edit or configure global tuning parameters
for groups of appliances you manage through SiteProtector, but you can view the global
tuning parameters that affect a specific appliance through Proventia Manager.
You can also specify whether you want to use blocking responses recommended by ISS X-
Force. While ISS recommends that you not disable X-Force blocking as a general rule, you
may need to disable this option at times so that you can determine whether current
suspicious activity on the network is valid, or so that you can protect against explicit
threats to the network.
How global
parameters differ
from local
parameters
Global tuning parameters differ from local tuning parameters as follows:
● Global tuning parameters are settings that affect a group of intrusion prevention
appliances.
● Local tuning parameters are settings that affect a specific intrusion prevention
appliance, such as network adapter card settings.
Because local tuning parameters are specific to a particular appliance, you can
configure them only at the device level.
Where applicable, local tuning parameters you have enabled take precedence over global
tuning parameters.
Components you
can tune
You can tune the following components on a group of appliances:
● intrusion prevention responses
● intrusion prevention security risks
● firewall
● automatic updates
See “Configuring Advanced Parameters” on page 129 for information about applying
advanced parameters to a single appliance.
About advanced
parameters
Advanced parameters are composed of name/value pairs. Each name/value pair has a
default value.
For example, the parameter np.firewall.log is a parameter that determines whether to log
the details of packets that match firewall rules you have enabled. The default value for
this parameter is on.
You can edit the value of any parameter that appears in the list on the Advanced
Parameters tab. If the parameter does not appear in the list, it does not mean the
parameter has no default value. You simply need to add the parameter to the list with the
new value.