search cancel

Network throughput limitations of the ATP and SEDR Appliances

book

Article ID: 163148

calendar_today

Updated On:

Products

Endpoint Detection and Response Advanced Threat Protection Platform

Issue/Introduction

You may see an Attention - “Network throughput was over 80% of maximum throughput in last 24 hours” or a similar message on the Symantec Endpoint Detection and Response Appliance in reference to one of the appliances in the Scanner role, or on an All in One Appliance.

Cause

This is a notification to warn that the max saturation of the network pipe is approaching.  As a result, any spikes in traffic may result in packet loss and decreased efficacy if we miss important data. If this is persists, you may want to add more scanners to the environment.

Resolution

There is no way to clear this warning manually. The alert will stay for 24 hours and will be cleared if there are no further instances of traffic exceeding 80% of the rated throughput for the appliance.

Please review the Sizing Guide for the software version running on the scanner appliance for the supported throughput values.