https://community.cisco.com/t5/network-security/ask-ips-bottleneck-issue/m-p/1956886#M55134 <P>Hi all,</P><P></P><P>please give me an understanding about the ips packet flow inspection.</P><P>I got a problem with IPS, it seems like a Bottleneck issue.</P><P>When i turning on the IPS machine, all process being down.</P><P>But when i turning off the IPS, all process begin normal again.</P><P>FYI, i already setting the by pass configuration to ON and setting whole events action Rule being "Produce Alert" </P><P></P><P>What probably cause with my problem ? </P><P>What should i conduct with Anomaly Detection ? Should i change the AD mode to be inactive ? </P><P></P><P>Thank you.</P> Sun, 10 Mar 2019 12:41:53 GMT probopurwo 2019-03-10T12:41:53Z https://community.cisco.com/t5/network-security/ask-ips-bottleneck-issue/m-p/1956886#M55134 <P>Hi all,</P><P></P><P>please give me an understanding about the ips packet flow inspection.</P><P>I got a problem with IPS, it seems like a Bottleneck issue.</P><P>When i turning on the IPS machine, all process being down.</P><P>But when i turning off the IPS, all process begin normal again.</P><P>FYI, i already setting the by pass configuration to ON and setting whole events action Rule being "Produce Alert" </P><P></P><P>What probably cause with my problem ? </P><P>What should i conduct with Anomaly Detection ? Should i change the AD mode to be inactive ? </P><P></P><P>Thank you.</P> Sun, 10 Mar 2019 12:41:53 GMT https://community.cisco.com/t5/network-security/ask-ips-bottleneck-issue/m-p/1956886#M55134 probopurwo 2019-03-10T12:41:53Z https://community.cisco.com/t5/network-security/ask-ips-bottleneck-issue/m-p/1956887#M55135 <HTML><HEAD></HEAD><BODY><P>What do you mean by "all process being down" ?</P><P></P><P>With Bypass set to ON, IPS should simply pass all traffic without analyzing.</P><P>Event Action being set to "Produce Alert", is the alert rate too high ? Are there some particular signatures firing a lot ? (Check show statistics virtual-sensor).</P><P></P><P>Regards,</P><P>Sawan Gupta</P></BODY></HTML> Sun, 10 Jun 2012 01:18:53 GMT https://community.cisco.com/t5/network-security/ask-ips-bottleneck-issue/m-p/1956887#M55135 sawgupta 2012-06-10T01:18:53Z https://community.cisco.com/t5/network-security/ask-ips-bottleneck-issue/m-p/1956888#M55136 <HTML><HEAD></HEAD><BODY><P>Thank Sawan for your answer,</P><P></P><P>first i want to inform you about the all process being down, it mean that the server inside the server farm being down when i turn on the IPS.</P><P>i already set the by pass ON in interface, and make all action in signatures to be produce alert, mean that no packet drop / modify inline conducted by the IPS Sensor, but the servers still cannot operate as well as IPS being turning off.</P><P>what problem may be occure ?</P></BODY></HTML> Mon, 11 Jun 2012 02:08:17 GMT https://community.cisco.com/t5/network-security/ask-ips-bottleneck-issue/m-p/1956888#M55136 probopurwo 2012-06-11T02:08:17Z https://community.cisco.com/t5/network-security/ask-ips-bottleneck-issue/m-p/1956889#M55137 <HTML><HEAD></HEAD><BODY><P>If Bypass is set to ON, then IPS shouldn't be doing anything. It looks like a configuration issue.</P><P></P><P>Regards,</P><P>Sawan Gupta</P></BODY></HTML> Mon, 11 Jun 2012 15:00:35 GMT https://community.cisco.com/t5/network-security/ask-ips-bottleneck-issue/m-p/1956889#M55137 sawgupta 2012-06-11T15:00:35Z https://community.cisco.com/t5/network-security/ask-ips-bottleneck-issue/m-p/1956890#M55138 <HTML><HEAD></HEAD><BODY><P>Yeah, it should be like that, but actually when i setting up the by pass to be ON, the traffic from server farm still can operate as well as turning off IPS.</P><P></P><P>actually, i just configure the interface pair, one to ASA and one to Access-Server Farm.</P><P>before, this configuration can operate well, and no problem occure.</P><P>but after deploying some Application inside the Server Farm, there are so many problem, most of them is The Process of the Application being "Slow" When the IPS is turning ON.</P><P></P><P>What is the best practice configuration of IPS, what do you think ? </P></BODY></HTML> Tue, 12 Jun 2012 02:05:25 GMT https://community.cisco.com/t5/network-security/ask-ips-bottleneck-issue/m-p/1956890#M55138 probopurwo 2012-06-12T02:05:25Z