How to determine the IPS throughput using Cisco ASA 5500 IPS Solution?

Hello there!
I´ve been desinging a solution to protect de Server Farm and I intend to use the ASA 5500 series with AIP-SSM module. There´s any tool to determine the real throughput that I need? I mean, how to determine the performance (Firewall + IPS  throughput), what main points I should consinder?

If the server farm is running production levels of traffic today you can get statistics off a variety of networking devices passing the existing traffic. Switches, routers and firewalls all count every byte of traffic they pass. There are plenty of tools that can gather this traffic into tables via SNMP too, such as MRTG.
Do not average your traffic over too great a time peroid, you will miss busy hour peaks. At most, use 5 min averages.
- Bob

Similar Messages

  • How to determine the purchasing group using BADI BBP_PGRP_FIND

    Hello Friends
    We use SRM Server 5.5 (Classic scenario).
    As you know that, purchasing group has the responsible product categories in PPOMA_BBP, when user creates the shopping cart to determine the purchasing group. 
    In our case, we should determine the purchasing group using other criteria.
    MM side is OK to determine the purchasing group using specific criteria.
    Because Material Master has the purch. Group information. 
    In case of SRM, we should develop the logic using BBP_PGRP_FIND BADI.
    But I’m not sure how to use this badi.
    We want to determine the purchasing group based on the following logic.
    If described shopping cart without product ID
    Do Standard purchasing group determination logic.
    Else
    Assign the purch group from MARC- EKGRP (Purchasing Group)
    Is it possible to determine above the logic?
    If yes, Could you give me some information?
    Thank you,
    Best regards,
    SH
    Message was edited by:
            So Hee Lee

    Thank you for your answer.
    I found the way to develop the our logic using BADI: bbp_pgrp_find.
    But I’m not sure the following logic is correct.
    To differentiate described req. or product id req, We check the E_ITEM – PRODUCT using BBP_PD_SC_GETDETAIL.
    IF E_ITEM – PRODUCT is blank, Read the category ID to find the purchasing group.
    To find the purch. Group, we can use FM:  BBP_OM_DETERMINE_RESP_PGRP.
    Import parameter: IS_RESP_ITEM_DATA – Category _ID
    Export parameter: ES_PURCH_DATA
    ELSE
    CALL the customer function to read the R/3 purchasing group from MARC- EKGRP
    Search the HRT5500-TABNR using purchasing group from R/3.
    Search the HRP5500 – OBJID using HRT5500-TABNR
    Call the FM:  BBP_OM_DETERMINE_RESP_PGRP
    Import parameter: IS_RESP_ITEM_DATA – PROC_GROUP – OBJID
    Export parameter: ES_PURCH_DATA
    Thank you
    Best Regards
    SH

  • How to determine the process alias using condition technique in Transportation & Shipment Scheudling?

    Dear All,
    I am trying to use the functionality Transportation and Shipment Scheduling in GATP.
    I would like to know that how the sytem determines the process alias using condition technique in Transportation & Shipment Scheudling?
    As the Transportation & Shipment Scheduling functionality can be extended further by using the configurable process to overcome the complex scenario. But it needs that process alias should not be determined by using the condition technique.
    Moreover, is it possible to use both functionality simultaneously in the system. i.e. Transportation and Shipment Scheduling using condition technique and Transportation and Shipment Scheduling using configurable process?
    Thanks & Regards
    Piyush Ranpura

    Hi Piyush,
    I have added a small overview in the SCN WIKI which shows you the two ways for the process alias determination and also here as attachment:
    http://wiki.sdn.sap.com/wiki/display/SCM/Time+and+Scheduling+Functions
    Yes, depending on your customizing you can use both scheduling methods in parallel. e.g. you activate CPS just for a specific ITEM category or product and/or customer and/or....what ever you want.
    best regards,
    Michael

  • How to determine the patch number used (installed using runInstaller)

    Whilst it easy to find the patch number installed using opatch by using the lsinventory argument.
    Is there a way to find patch number for a patch applied via runInstalled?
    META-INF/MANIFEST.MF from platform/iam-platform-kernel.jar,gives the following:
    Manifest-Version: 1.0
    Ant-Version: Apache Ant 1.7.0
    Created-By: 19.1-b02 (Sun Microsystems Inc.)
    Product-Version: 11.1.1.3.0
    Build-Number: 11.1.1.3.0.0.0
    Built-By: aime1
    Build-Tag: Build_11.1_1_3.0_0_0
    Built-at: 05/02/2011 06:46
    Version: 11.1.1.3.0
    Build-Label: IAM_11.1.1.5.0_GENERIC_110502.0500
    Build-Transaction: NONE
    But I need the exact patch number, eg, p1234567.
    Anyone know where to find this information?
    The system has been patched from 11.1.1.3 to 11.1.1.5
    I am looking for the patches used for WLS, SOA and OIM.
    Regards
    Hanif

    Another way to get it is:
    SELECT XSD_CODE,XSD_VALUE FROM dev_oim.XSD WHERE xsd_code='XL_ADE_LABEL';
    Check Note: 1247564.1 for 11.1.1.3 and 1360009.1 for 11.1.1.5 for builds to patch mapping. Check Note:1299977.1 for how to determine build numbers.
    For WLS you can use: http://docs.oracle.com/cd/E13222_01/wls/docs81/admin_ref/clic.html
    For OIM as mentioned above
    For SOA: $mw_home\Oracle_SOA\bin\soaversion.cmd (or soaversion.sh) to know the SOA version or
    SELECT version, status, owner FROM schema_version_registry where owner = 'DEV_SOAINFRA';-Bikash

  • How to determine the core currently used?

    Hi,
    does anybody knows a Java SE6 method that gets the current processor number?
    It should run at least on WindowsXP with a dual core.
    I'm aware of the fact that the core currently used is a very ephemeral information. Nevertheless I want to verify whether assumptions about the scheduling are correct.
    All solutions without using JNI are welcome.
    Thanks in advance
    -- Thomas

    I doubt it is possible. I am not even sure how you would do that with the windows API. Not sure it is even logical. Since a thread switch can occur at any time that means that an atomic operation would be needed to recover it and that going up/down the call stack to that point would all be places where it would become invalid.

  • How to determine the protocol to use in Sender mail Adapter ?

    Hi All
    Can i use my Microsoft Exhange Server address while configuring Sender Mail Adapter .? If yes , then which protocol i can use out of IMAP and POP ?..
    How do i determine which protocol i should use to connect to my exchange server ?
    Thanks
    rohan

    Hi Rohan,
    //Can i use my Microsoft Exhange Server address while configuring Sender Mail Adapter .?
    Yes, you can.
    //If yes , then which protocol i can use out of IMAP and POP ?..
    You can use either of them. To know more on IMAP and POP, i would suggest you go through these links,
    http://www.trincoll.edu/depts/cc/documentation/email/IMAP_vs_POP/default.htm
    http://www.imap.org/papers/imap.vs.pop.brief.html
    If your are using IMAP, you will have to specify, which folder from which you wnaty the emmail to be retrived, this is not needed for POP.
    Hope this helps,
    Regards,
    bhavesh

  • How to determine the organizational unit using activity category  ????????

    Hello All
    We are working on CRM 7.0 , we need to have the organizational determination based on the activity category , I have put the activity category in the attribute list then I created a determination rule type responsibility and it is working fine in the simulation but after I assigned the determination rule to the transaction type the organizational unity could not be determined. I tried the BADI CRM_ORGMAN_BADI but it was not help.
    Any clues regarding this issue ?
    Regards
    Jacopo

    No answers

  • How to configure Cisco ASA 5500 to work with the iPhone

    We have Cisco ASA 5510 (latest firmware version), and apparently, according to Cisco website it is compatible with new iPhone 3G's IPSec client:
    http://www.cisco.com/en/US/docs/security/vpnclient/cisco_vpnclient/iPhone/2.0/connectivity/guide/iphone.html
    We've setup our first iPhone properly. It connects fine to the network, shows VPN connection as active. Gets a private IP address. But does not let any traffic go to the internal network. We thought it might be DNS problem, but it cannot connect to Exchange server even when using IP address instead of DNS. No luck either.
    After checking ASA logs, we found that iPhone goes through Phase 1 authentication correctly. But then gives some kind of error, mentioning "Attribute 5".
    Has anybody been successful configuring ASA5500 series (in particular 5510) to be used with iPhone?
    I noticed that many people are having these problems.
    Please do not post to this topic if you have ANY OTHER Cisco device.
    Cisco specifies that iPhone is compatible only with Cisco ASA 5500 Security Appliances and PIX Firewalls. Neither Cisco IOS VPN routers nor the VPN 3000 Series Concentrators support the iPhone VPN capabilities.
    Let's keep this topic only for users of ASA 5500 series and PIX Firewalls.
    It would be extremely helpful for a large number of users if somebody posted a list of settings for ASA5500 or PIX firewall that DO work with iPhone 2.0
    Thank you!
    Oleg R

    We found the solution and a bug in Cisco firmware (seems to be a bug).
    First of all, thanks to our Chief Systems Architect Seb, here is a config that worked for us on a Cisco 5520 (latest firmware).
    access-list iphone_splitTunnelAcl standard permit <insert ip> <insert mask>
    access-list iphone_splitTunnelAcl standard permit <insert ip> <insert mask>
    crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec transform-set iphone esp-3des esp-sha-hmac
    crypto ipsec transform-set iphone mode transport
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto dynamic-map SYSTEMDEFAULT_CRYPTOMAP 65535 set pfs
    crypto dynamic-map SYSTEMDEFAULT_CRYPTOMAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5 iphone
    crypto map outside_map 10 match address vpn
    crypto map outside_map 10 set transform-set ESP-AES-256-SHA
    crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEMDEFAULT_CRYPTOMAP
    crypto map outside_map interface outside
    crypto isakmp enable outside
    crypto isakmp policy 10
     authentication pre-share
     encryption 3des
     hash sha
     group 2
     lifetime 86400
    crypto isakmp policy 20
     authentication pre-share
     encryption aes-256
     hash sha
     group 5
     lifetime 86400
    crypto isakmp nat-traversal 20
    group-policy iphone internal
    group-policy iphone attributes
     wins-server value <insert ip> <insert ip>
     dns-server value <insert ip> <insert ip>
     vpn-tunnel-protocol IPSec
     ipsec-udp enable
     ipsec-udp-port 10000
     split-tunnel-policy tunnelspecified
     split-tunnel-network-list value iphone_splitTunnelAcl
     default-domain value <insert domain name>
    tunnel-group iphone type remote-access
    tunnel-group iphone general-attributes
     address-pool VPN-Pool
     authentication-server-group ActiveDirectory2
     default-group-policy iphone
    tunnel-group iphone ipsec-attributes
     pre-shared-key <insert pre-shared key>
    For iPhone you have to be using IPSec tab for configuration.
    We tried to set up this config using the wizards, but it would not work.
    Later it turned out that wizards by default set this setting:
    "crypto isakmp nat-traversal 20"
    equal to zero and there is no way to change it from the GUI.
    Only after we changed it (increased the value from 0 to 20) through the command line the connection started working perfectly.
    Please let me know how it works out for you.
    Message was edited by: Rogik
    Message was edited by: Rogik

  • How to determine the ROWNUM in a Master Detail Form

    Hello,
    I am working in a Master Detail Form with Orders and Order Items Information; and I created a process that allows the users to select a Product ID on a tabular form, and the next column is populated automatically with the Product Description.
    To achieve that, I followed some instructions by Denes Kubicek (http://apex.oracle.com/pls/otn/f?p=31517:241), but my case is slightly different:
    <ul>I am using a wizard-created tabular form, instead of a manual tabular form; and </ul>
    <ul>Instead of using another page as a Popup to pass the parameter of the ROWNUM, I am using a plug-in called “Tabular Form Super LOV” which is a modified version of the SkillBuilders’ Super LOV that works on Tabular Forms. </ul>
    The Product ID is returned in the correct row by the plug-in; but in the case of the Product Description, it is always returned into the first row; and my problem is that I don't know how to determine the row where the user clicked to call the plug-in.
    I set up an example in apex.oracle.com in case someone would like to look at it:
    Workspace: ediazjorge
    Username: test
    Password: test
    App Name: Sample App
    App Number: 1550
    BTW, I am using Apex 4.1.1.00.23 and Oracle DB 10.3.2.
    Thanks in advance,
    Erick

    Hello VC,
    Thank you for your time and help.
    Unfortunately, it is still not working properly:
    1. When the Popup LOV opens, the first row of the tabular form is 0, the second row is 1, and so on. How can I assign the values starting with 1 and in the format *0001* ? (I am still a novice on Apex and new to JavaScript :-), sorry about that).
    --2. Also, when I close the Popup LOV, the value of P1_ROWNUM is ‘undefined’ again so I'm not sure if the Product Name column will be populated.--
    3. And finally, you are using the jQuery Selector uPopupLOVIcon, which is an attribute of the Cloudy Theme. In my real application (Apex 4.1.1.00.26), my element looks like: *<img src="/i/lov_16x16.gif" width="16" height="16" alt="Popup Lov" alt="List" style="vertical-align:middle;" align="middle" />*. What do you recommend me to use as a jQuery Selector?
    Again, I really appreciate your help and time. I think you solved the most difficult part.
    Thank you so much,
    Erick
    Update: I just found out that the problem with my comment 2 is because I didn’t delete the previous dynamic action that set the value to P1_ROWNUM.
    Edited by: ediazjorge on Sep 18, 2012 11:20 AM

  • How to determine the mount point for directory /tmp ?

    Folks,
    Hello. I am installing Oracle 11gR2 RAC using 2 Virtual Machines (rac1 and rac2 whose OS are Oracle Linux 5.6) in VMPlayer and according to the tutorial
    http://appsdbaworkshop.blogspot.com/2011/10/11gr2-rac-on-linux-56-using-vmware.html
    I am installing Grid infrastructure. I am on step 7 of 10 (verify Grid installation enviroment) and get this error:
    "Free Space: Rac2: /tmp"
    Cause: Could not determine mount point for location specified.
    Action: Ensure location specified is available.
    Expected value: n/a
    Actual value: n/a
    I have checked the free space using the command:
    [root@Rac2 /]# df -k /tmp
    Output:
    Filesystem     1k-blocks     used     Available     Use%     Mounted on
    /dev/sda1     30470144     7826952     21070432     28%     /
    As you see above, the free space is enough, but could not determine mount point for /tmp.
    Do any folk understand how to determine the mount point for directory /tmp ?
    Thanks.

    I have just checked "/home/oracle/.bash_profile". But in my computer, there is no "oracle" under /home directory.Is this your first time Linux and Oracle installation? I had a brief look at your referenced link. The reason why you do not find a "oracle" user is because the instructions use "ora11g" instead, which, btw, is not standard. The directories of your installation and your installation source can be somewhat different from known standards and you will have to adjust it to your system.
    My best guess is that you have either missed something in the instructions or you need to ask the author of the blog what is wrong. The chance to find someone here who has experience with these custom instructions is probably unlikely.
    I suggest you try to locate the cluster verification tool, which should be in the bin directory of your grid installation. Alternatively you might want to check the RAC, ASM & Clusterware Installation forum: RAC, ASM & Clusterware Installation

  • How to determine the field size

    I am going to make a multiplatform application that hopefully
    will run on linux and windows 2000.If the os is 2000, then I will use
    vb.net/aspx else I'll use java servlets. I make the connection
    to the web server ( through HTTP) not directly to database server.
    So, the resultset will be stored in the String object. The columns
    will be separated by delimeter. Our problem is how to determine
    the size and type of the fields of mssql,oracle and postgres database
    so that we can include it in the String object.
    Ex.
    String sResultSet=new String();
    ResultSet rs=statement.executeQuery(sSQL);
    while(rs.next()){
    sResultset=sResultSet + rs.getString(field1) + "||" + rs.getString(field2) + "||";
    vertical bars acts as delimeter
    supposedly this is the code:
    sResultset=sResultSet + rs.getString(field1) +"_" + rs.getFieldType() + "_"+
    rs.getFieldSize() + "||" + rs.getString(field2) +"_" + rs.getFieldType() + "_"+
    rs.getFieldSize() + "||";
    supposedly this is the code if rs.getFieldType() and rs.getFieldSize() methods are existing
    Anyone can give me an idea how to get the field type and field size of the database?
    thanks in advance

    Yes, but I dont know how to do it.
    Can you give me an example of using it.
    Thanks in advance

  • How to determine the cost center

    Dear experts:
    Could you give me some suggestions about how to determine the cost center depending on the different
    storage location when we use the t-cdoe MI07
    Thanks in advance.
    Rong

    Hello experts!!!
    how have you resolved this issue???
    I have the same situation, and i dont know how to manage this.
    Thank you very much in advance.
    Best regards,
    M. Cecilia Vacatello.

  • How to determine the type of the jobject... similar to instanceof

    hi,
    I would like to know how to determine the jobject reference of an instance is of which class.
    this is something similar to instanceof we use in java.
    is there any thing like 'instanceof' in JNI. if there how to use it?
    i got this as objective question for which answers were(i do not remember exactly)
    1.instanceof
    2.assignedto
    i could nt het much help in googling.
    thanks in advance

    Hi
    The JNI provides a native version to the java instanceof operator, this function takes two arguments
    an object refrence and a class refrence and reports JNI_TRUE.
    jclass myclass = env->FindClass("your class name");
    if(env->IsInstanceOf(obj,myclass) == JNI_TRUE)
    // obj is of type myclass
    }Regards
    pradish

  • How to determine the solution's ID in absl?

    Hello Community,
    I have a simple question yet I fear there is no simple answer (possibly no answer at all).
    The question is:
    Does any body know ways how to determine the ID (e.g. Y123ABCDY_) of the solution the code is running in?
    My use case is the following:
    We have a solution template which will be deployed in different customer tenant.
    Thus, each deployment will have a different solution ID.
    Now, somewhere in code, we generat PDFs using the OutputManagementUtilities.GetPDF reuse library.
    This method requires the form template code of the pdf to be generated as a parameter.
    However, this PDF form template code is composed of the solution ID and a fixed suffix.
    Thus, currently I need to modify the absl code in each customer installation to manually modify the form template code prefix to the solutions solution ID.
    Therefore I'd like to construct the form template code in absl but for this I need a way to determine the solution's ID.
    Any ideas?
    Best regards,
    Ludger

    Hi Fernando.
    After reading your post I initially thought "what is the ObjectTypeCode" supposed to do any good to determine the solution ID"?
    Using the Object Type code of a custom bo is indeed a way to solve this problem.
    With a little additional code I can extract the relevant solution ID part from there.
    Thanks for the hint, that was really useful.
    Best reegards,
    Ludger

  • How to determine the maximum allowable length of a filename for Window ?

    Hi all,
    Could I know how to determine the allowable file length (the length of the absolute path) for a file in Window environment?
    Due to some reason, I generated a zip file with a very long filename ( > 170) and put in a folder(the length of the folder path around 90). The length of the absolute path is around 260.
    I used FileOutputStream with the ZipOutputStream to write out the zip file. Everything is working fine while i generating the zip file.
    However, while i try to extract some files from the zip file i just created, i encountered the error
    java.util.zip.ZipException The filename is too long.
    I am using the class ZipFile to extract the files from the zip file like the following
    String absPath = "A very long filepath which exceed 260";
    ZipFile zipF = new ZipFile(absPath);  //<-- here is the root causeIs it possible to pre-determine the maximum allowable filepath length prior i generate the zip file ? This is weird since i got no error while i created the zip file, but have problem in extracting the zip file ......
    Thanks

    Assuming you could determine the max, what would you do about it? I'd say you should just assume it will be successful, but accommodate (handle) the possible exception gracefully. Either way you're going to have to handle it as an "exception", whether you "catch" an actual "Exception" object and deal with that, or manually deal with the length exceeding the max.

Maybe you are looking for