Applies To:

Show Versions Show Versions

Manual Chapter: Adjusting Internal Parameters
Manual Chapter
Table of Contents   |   << Previous Chapter

The Protocol Security Module has several internal parameters that control how the product functions. In almost all cases, you do not need to change the internal parameters from their default setting in order for your system to function effectively.
Table B.1 lists the internal parameters, their default value, and a description of their purpose.
Specifies whether HTTP traffic bypasses the Protocol Security Module when the system is stopped. The possible values are 1 (bypass enabled) or 0 (bypass disabled). The default value is 0 (bypass disabled). If you set this parameter value to 1, HTTP traffic bypasses the Protocol Security Module if any of the following occur:
-If you restart the Protocol Security Module: traffic bypasses the Protocol Security Module from the time the system is stopped until the Security Enforcer reloads.
--If the Security Enforcer crashes (performs a core dump): traffic bypasses the Protocol Security Module from the time the system crashes until the Security Enforcer reloads.
Specifies whether HTTP traffic bypasses Protocol Security Module as a result of limited resources or when the Security Enforcer is off. The default value is 0 (bypass disabled). If you set this parameter value to 1 (bypass enabled), HTTP traffic bypasses Protocol Security Module when any of the following occur:
-If you restart the Protocol Security Module: traffic bypasses the Protocol Security Module from the time the system is stopped until the Security Enforcer reloads.
-If the system does not have enough memory for the Security Enforcer, or does not have enough system resources.
Defines a maximum URI length that the Protocol Security Module can support in its internal buffers. If this number is higher than the URI length defined per file type, then this number is the limit. If this number is higher than the file type limit, then the file type limit sets the maximum URI length.
Specifies the URI for the ICAP service, which checks requests for viruses by connecting to an Internet Content Adaptation Protocol (ICAP) server.
Specifies the maximum number of concurrent FTP connections that the Protocol Security Module can manage.
Specifies the maximum number of concurrent SMTP connections that the Protocol Security Module can manage.
Specifies the maximum number of violation entries per violation type kept in memory. Note that this parameter applies only to the protocol security profiles.
Specifies the maximum number of concurrent long requests that the Protocol Security Module can handle. A long request is a request longer than request_buffer_size and less than long_request_buffer_size.
Specifies, when set to 1, that data collection is enabled for both the graphs on the Overview screen and also for the Denial of Service attack prevention feature.
When set to 0, data collection is disabled.
If the value is -1, the system decides whether the URL requested is an HTTP request or an HTTPS request based on the incoming traffic.
If the value is 0, the system treats all incoming URL requests as HTTP requests.
If the value is 1, the system treats all incoming URL requests as HTTPS requests.
Specifies the maximum buffer size for a single instance of the accumulated response buffers. The system accumulates response buffers until their total size reaches the max_filtered_html_length.
0 (number of CPUs determines the number of threads)
Specifies, when the value is greater than zero, the number of threads that the Protocol Security Module uses. When the value is 0, the number of CPUs in the system determines the number of threads.
Specifies the maximum memory size (in kilobytes) available for the Protocol Security Modules memory pools. A value of 0 means there is no limit to the maximum memory size.
X-Virus-Name (McAfees default response header)
Specifies the header name used by an anti-virus program on an ICAP server. By default, the system supports an ICAP server with McAfee anti-virus protection. If you are using a different ICAP server, change this to the appropriate header value.
On the Main tab, expand Protocol Security, and then click Options.
The Advanced Configuration screen opens, where you can review the settings for the internal parameters.
Important: F5 Networks recommends that you change the values for the internal parameters only with the guidance of F5 technical support.
If you change any of the parameter values for the internal parameters and decide you want to change them back to their original settings, you can restore the default settings for the internal parameters.
1.
On the Main tab, expand Protocol Security, and then click Options.
The Advanced Configuration screen opens.
2.
Above (or below) the System Variables area, click the Restore Defaults button.
The system resets any changed parameter values to their factory settings.
Table of Contents   |   << Previous Chapter

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)