Hi ! Which threshold is more preferable for DOS profile deployment automatic or manual. I have set automatic as I simply couldn't decide on manual threshold rate. If I have set my threshold to be automatic , how long should I wait before moving from transparent to blocking for my DOS profile ? I had somewhere read that F5 calculates the values using 7 days of historical data and sets threshold values to the highest levels during normal activity for automatic threshold ?
Depending on the mitigations you have selected (CAPTCHA, TCP reset, etc.) threshold calculations start between 2 hours and 24 hours after traffic processing begins. For TPS-based protections, thresholds get updated every hour. These are not final thresholds however, due to concerns about false positives related to the system not having enough data. Final thresholds are established between 24 hours and 7 days from the start and are the result of periodic updates every 12 hours. You should be safe to move to blocking after 7 days--and most likely within the first 48 hours.
Depending on the mitigations you have selected (CAPTCHA, TCP reset, etc.) threshold calculations start between 2 hours and 24 hours after traffic processing begins. For TPS-based protections, thresholds get updated every hour. These are not final thresholds however, due to concerns about false positives related to the system not having enough data. Final thresholds are established between 24 hours and 7 days from the start and are the result of periodic updates every 12 hours. You should be safe to move to blocking after 7 days--and most likely within the first 48 hours.
Yes. Thresholds for both TPS and Stress-based are calculated for a 7-day history. A history snapshot gets created every 12 hours, but the data recorded in that snapshot is a collection of data points made every 10 seconds.
