Tuning Rule Parameters
All threat protection rules contain rule parameters that you may or may not be able to configure. Rule parameters are predefined with default values that generally suit most network environments. However, there are times when you have special setups or configurations in your environment that require special attention. In these cases, you may need to change some of the rule parameters to obtain optimal protection without sacrificing system performance.
Table H.2 lists specific conditions and corresponding rules that may require tuning when they are enabled. You can view tuning suggestions in the Comments column for each of the following conditions:
Conditions | Rule(s) that Require Tuning | Reference |
---|---|---|
Your appliance is configured as an authoritative DNS server. | Rule 100000100 in the DNS Cache Poisoning category | DNS Cache Poisoning Rules |
Your DNS server is configured as the secondary server with external primaries, and it serves a large number of zones. | Rules 100100100 to 100100201 in the DNS Message Type category | DNS Message Type Rules |
You have enabled TCP/UDP Flood system rules, and your network environment consists of the following: NATd environments, static forwarders, or VPN concentrators. | All rules in the TCP/UDP Flood category | TCP/UDP Flood Rules |
You have enabled DNS DDoS system rules, and your network environment consists of the following: NATd environments, static forwarders, or VPN concentrators. | Rules 200000001 to 200000003 in the DNS DDoS category | DNS DDoS Rules |
You have enabled DNS Tunneling system rules, and your network environment consists of the following: NATd environments, static forwarders, and VPN concentrators. | All rules in the DNS Tunneling category | |
Your DNS server is configured to allow incoming IPv4 and IPv6 zone transfer requests, and it serves a large number of zones. | Rules 130100100 to 130100401 in the DNS Message Type category | DNS Message Type Rules |
You have enabled DNS Amplification and Reflection system rules. | All rules in the DNS Amplification and Reflection category | |