Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 Administration Manual page 107

Some normally occurring network communications generate flows for which there
are no responses, such as web requests to a failed web server or to a host that is
down. One-sided flows are generally not a high risk threat and should not apply to
superflows. For this reason, there is a configurable threshold for superflow
generation, which a host has to breach before the flows are bundled into
superflows.
You can also configure branch filtering in the Flow Processor, which allows you to
distribute network processing across multiple Classification Engines. A branch
filter consists of a branch and a flow class definition. The branch filter configuration
controls which flows a component receives. When configuring branch filtering, you
must use groups located at the top of your network hierarchy. For the Flow
Processor, the branch filter specifies which flows the Flow Processor receives from
flow sources.
To configure a Flow Processor:
In either the Flow or System View, select the Flow Processor you wish to
Step 1
configure.
From the menu, select Actions > Configure.
Step 2
Note: You can also use the right mouse button (right-click) to access the Actions
menu items.
The Flow Processor window appears.
Enter values for the parameters:
Step 3
Table 5-8 Flow Processor Parameters
Parameter
Flow Processor Listen
Port
Description
The Classification Engine connects to the Flow Processor to
accept flows through a TCP/IP link. Specify the port that the
Flow Processor monitors for incoming connections. The
default range is from 32000 to 65535.
STRM Administration Guide
Configuring STRM Components 99