Intelligent Connection Traffic Monitoring (ICTM)
Article ID: 168476
Updated On:
Products
Content Analysis Software - CA
Issue/Introduction
Content Analysis (CA) is a crucial part of Blue Coat's Advanced Threat Protection (ATP) solutions suite. To take full advantage of its power, it's important to understand, enable, configure, and monitor various modules that can make an administrator's life much easier and save hours of digging through logs and analyzing data mined from those logs.
The purpose of ICTM is to warn the administrator when the CA systems under his/her care become too busy to be as effective as possible. ICTM is a tool to make administrators more proactive without having to constantly monitor every CA system in the environment.
The purpose of ICTM is to warn the administrator when the CA systems under his/her care become too busy to be as effective as possible. ICTM is a tool to make administrators more proactive without having to constantly monitor every CA system in the environment.
Resolution
To solve problems before they arise, the administrator should understand how ICTM is properly setup. That means to change the default values in 2 of the fields we see when navigating to Settings > ICTM.
The fields to change are explained in the following images.
In image 1, the 2 fields have been emptied, and the grayed-out zeros are shown. To fill in these two "blanks" you need to know the total number of Concurrent ICAP Connections that the SG(s) "feeding" objects have been configured to allow. For instance, if the total is 250, then the first box should have 175 entered (175 is 70% of 250) as in image 2.
Notice the pop-up below the box outlined in red. When the mouse cursor is hovering over that box, which will hold the value that is 90% of the total concurrent ICAP connections. For that box, enter 90% of the total, which is 225, as in this final image, which also shows the state of the page after "Save Changes" is clicked as in image 3.
Notice that the word "Success" is displayed next to the Save Changes button.
This completes setting up ICTM on CAS. If your version of CA doesn't include this page, you should upgrade to the latest release. In some cases, that will be a PR (Patch Release) so you get the latest security and bug fixes. Please be certain you always read the Release Notes so important information about upgrade pathways, and which bugs are resolved.
The fields to change are explained in the following images.
Image 1 - initial ICTM setup screen
In image 1, the 2 fields have been emptied, and the grayed-out zeros are shown. To fill in these two "blanks" you need to know the total number of Concurrent ICAP Connections that the SG(s) "feeding" objects have been configured to allow. For instance, if the total is 250, then the first box should have 175 entered (175 is 70% of 250) as in image 2.
Image 2 - partial ICTM setup completed
Notice the pop-up below the box outlined in red. When the mouse cursor is hovering over that box, which will hold the value that is 90% of the total concurrent ICAP connections. For that box, enter 90% of the total, which is 225, as in this final image, which also shows the state of the page after "Save Changes" is clicked as in image 3.
Image 3 - Completion of ICTM page.
Notice that the word "Success" is displayed next to the Save Changes button.
This completes setting up ICTM on CAS. If your version of CA doesn't include this page, you should upgrade to the latest release. In some cases, that will be a PR (Patch Release) so you get the latest security and bug fixes. Please be certain you always read the Release Notes so important information about upgrade pathways, and which bugs are resolved.
Workaround
There is no work-around, and failing to set this page up will result in a significant number of unnecessary alert emails, if alerting is configured, to the administrator when ICTM is enabled but not correctly configured.Feedback
Yes
No
Powered by
