Configuring Rule Latency Thresholding

By default, latency-based performance settings for both packet and rule handling are automatically populated by the latest deployed intrusion rule update, and we recommend that you do not change the default.

Procedure

Step 1

In the access control policy editor, click Advanced.

In the new UI, select Advanced Settings from the drop-down arrow at the end of the packet flow line.

Step 2

Click Edit (edit icon) next to Latency-Based Performance Settings.

If View (View button) appears instead, settings are inherited from an ancestor policy, or you do not have permission to modify the settings. If the configuration is unlocked, uncheck Inherit from base policy to enable editing.

Step 3

Click Rule Handling in the Latency-Based Performance Settings pop-up window.

By default, Installed Rule Update is selected. We recommend using this default.

The values displayed do not reflect the automated settings.

Step 4

If you choose to specify custom values:

  • You can configure any of the options in Rule Latency Thresholding Notes.

  • You must specify custom values in both the packet handling tab and the rule handling tab.

Step 5

Click OK.

Step 6

Click Save to save the policy.

What to do next

  • If you want to generate events, enable latency rules 134:1 and 134:2. For more information, see Intrusion Rule State Options.

  • Deploy configuration changes.