After a recent upgrade of the NSM to 18.104.22.168.1 and the sensors (M-2950) to 22.214.171.124 I am experiencing a drop in throughput, we transfer data files from one part of our system to another to be processed. This transfer is done via FTP, before the upgrade we were transferring 7000 files in 4 minutes, after the upgrade we transfer 7000 files in about 1 hr. sometimes longer, this means that it misses a window for the data to be processed. I cannot see any activity in the logs to say that there are any issues, is it possible to create an ignore rule so that the IP addresses are ignored? please see the drawing below as an guide.
I see other posts about NSM in Network Security Platform so this question probably belongs there.
Moved from Consumer to Business --> Network Security --> Network Security Platform (NSP, NIPS, NAC, NTBA) for attention.
What version did you upgrade from?
Have a look at the KB link below and see if any of the steps help you identify the issue.
How to troubleshoot Sensor latency issues;
You can use an ignore rule or a firewall rule the tell the sensor not to scan the traffic from this source, but it is probably better to find out what the issue is, it may be impacting you in other less obvious ways.
I see a similar issue for 8.2.x M Series sensors is listed as resolved in the 126.96.36.199 hot fix software which was released today.
1078541 During inspection, the Sensor causes delays in the processing of passive FTP traffic.
It's worth checking if this issue is known in the 8.3 release and if there is a hotfix available.
Thanks for the response, I have been informed by my support that I will need to create a firewall rule, I will have a look to see anything is mentioned for the release.
Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center