[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ISSForum] Information about Proventia Change-State Gap

I am trying to implement the ISS Proventia G-series as a intrusion
detection monitor (and hopefully- eventually, as an IPS blocker) into an
environment with heavy use of Citrix and Terminal Services sessions.  


I've noticed that there is a gap of service when the Proventia G-series
goes through a "change state" (such as applying updates, changing
policy, applying response, or even a power down, or power up).  The most
recent firmware *(1.0_2004.0524_00.01.03) has been applied, and the
units are running SR 4.3.  This definitely improves that change state
time (from approx 3 seconds) to "typically less than 1 second"
(depending on the environment), and it also cures some (CRC)
transmission errors that may have been present in original firmware (but
may have only affected certain environments).  At this point, I'm led to
believe that the change state gap is as good as its going to get, at
"less than 1 second".  However, in my testing this still drops Citrix


This leads to a concern about all TCP session related communications,
such are remote access terminal sessions, VPN, and other such.  Has
anyone had identified other sessions that may be affected?


The problem is that a change stat of this nature will usually always
disrupt a Citrix session, and frequently disrupts Windows terminal
services sessions.  Because our environment delivers these (Citrix &
Windows Term Srvcs) with a specific SLA, the disruption in service
afforded by the change-state gap on the Proventia G in not tolerable.  


Does anybody else have Proventia G deployed in an environment with heavy
Citrix usage?  If so, what product enhancements or procedural
modifications have been employed to make the Proventia G viable in an
environment like this?  


Does any one know of any other work around that would enable the
Proventia G series viable to work seamlessly in an environment where a
"1 second" change state gap can impact the delivery of services?  


I'm confident that other enterprises are using the Proventia G in
environment with a high sensitivity with the brief gaps in service.  I
just need to provide a technical resolution, or procedural work around,
or even some slick sales talk that would address the concerns of


How do other IPS products on the market afford the change-state needed
to update signatures, etc?  How about other network infrastructure
products, that may not be ISS or security related, that impose a brief
gap?  How would work-arounds be applied to something like that?


Any information provided that would address these concerns would be


Dan Widger


ISSForum mailing list

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@xxxxxxx

The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.