Symantec 10521146 Administration Guide - Page 174
Maximum IPv4 Fragment Reassembly Table Elements, TCP Maximum Flow Table Elements (Fast Ethernet)
UPC - 037648268134
View all Symantec 10521146 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 174 highlights
174 Detecting Configuring sensor detection Maximum IPv4 Fragment Reassembly Table Elements Maximum IPv4 Fragment Reassembly Table Elements regulates the size of IP fragment tables by controlling the number of simultaneous IP fragments that the sensor handles. It directly impacts memory consumption. Each fragment table entry can consume slightly more than 64K of memory. The default is set to 2,048 for optimum performance and sensitivity, and does not need to be changed under most circumstances. Valid values range from 32 to 32,768, inclusive. If you receive an operational log message indicating that the IPv4 Fragment Reassembly Table is full, you can eliminate the message by increasing this value, at the cost of greater memory consumption. If the system is running low on RAM, you can decrease this value, at the cost of reducing detection sensitivity because sensors have less traffic to inspect. Consider changing it only if you have a thorough understanding of its functionality. TCP Maximum Flow Table Elements (Fast Ethernet) TCP Maximum Flow Table Elements (Fast Ethernet) regulates the size of the TCP flow table by controlling the number of simultaneous flows that the fast Ethernet sensor handles. It has a direct impact on memory consumption. The default is set to 32,768 for optimum performance and sensitivity, and does not need to be changed under most circumstances. Valid values range from 16,384 (16K) to 262,144 (256K). If you receive an operational log message indicating that the TCP Flow Table is full, you can eliminate the message by increasing this value, at the cost of greater memory consumption. Consider changing it only if you have a thorough understanding of its functionality. TCP Maximum Flow Table Elements (Gigabit) TCP Maximum Flow Table Elements (Gigabit) regulates the size of the TCP flow table by controlling the number of simultaneous flows that the gigabit sensor handles. It has a direct impact on memory consumption. The default is set to 131,072 for optimum performance and sensitivity, and does not need to be changed under most circumstances. Valid values range from 32,768 (32K) to 1,048,576 (1M), inclusive. If you receive an operational log message indicating that the TCP Flow Table is full, you can eliminate the message by increasing this value, at the cost of greater memory consumption. Consider changing it only if you have a thorough understanding of its functionality.