03-09-2015 08:01 AM - edited 03-12-2019 05:38 AM
In version 5.4.x the latency preprocessors' settings were moved to the advanced settings of the AC policy along with the other "global" preprocessors. In version 5.4.0 there is no option to disable these preprocessors. When you upgrade to 5.4.0 from 5.3.x it will take the settings from the intrusion policy of the default action for the preprocessors that have moved to the advanced settings of the AC policy. For any AC policies that have either the latency rule or latency packet handling preprocessors disabled, these will be force enabled and the thresholds will be set very high.
In version 5.4.1 the option to disable these preprocessors was added but it will not automatically revert the changes from the 5.4.0 upgrade; so once the DC is upgraded to 5.4.0 the preprocessors will be enabled until you manually go into the policy and disable them (after updating the DC to a newer version of 5.4.x). As long as the AC policy is not applied before updating to 5.4.1 or higher and disabling these preprocessors then this will not impact the policy that is applied to sensors.
03-31-2015 04:05 AM
Symptom:
If latency preprocessors are disabled in 5.3 prior to upgrading your Defense Center to Version 5.4, the preprocessors are automatically enabled with high thresholds.
Conditions:
Defense Center upgraded from Version 5.3 to Version 5.4.
Workaround:
If you do not want the latency preprocessors automatically enabled, make a note of each AC policy where the intrusion policy in the default action has the latency packet and/or latency rule handling preprocessor(s) disabled. After upgrading to 5.4.0, immediately update the DC to version 5.4.1 or higher and then manually go into each AC policy and disable the preprocessors if desired, then reapply policies.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide