Optimizing Performance for Intrusion Detection and Prevention

If you want the system to perform intrusion detection and prevention but do not need to take advantage of discovery data, you can optimize performance by disabling new discovery as described below.

Before you begin

To perform this task, you must have one of the following user roles:

Admin, Access Admin, or Network Admin for access control.
Admin or Discovery Admin for network discovery.

Procedure

Step 1	Modify or delete rules associated with the access control policy deployed at the target device. None of the access control rules associated with that device can have user, application, or URL conditions; see Create and Edit Access Control Rules.
Step 2	Delete all rules from the network discovery policy for the target device; see Configuring Network Discovery Rules.
Step 3	Deploy the changed configuration to the target device; see Deploy Configuration Changes.