To get to this page: Select Option Profiles from the left menu. Go to New > Option Profile or select a profile to edit. On the Scan tab, under Performance, click Configure.
Configure scan performance settings to determine the intensity and speed in which the scanning engine scans your network. The overall scan performance level determines the number of hosts to scan in parallel, the number of processes to run in parallel against each host, and the delay between groups of packets sent to each host. When you select a pre-defined performance level from the Overall Performance menu, individual performance settings are automatically updated based on your selection. If you select Custom, you can customize individual performance settings.
Note that our Inference-based scanning engine uses adaptive technology. If the network response degrades during scanning, the service automatically throttles back the rate in which packets are sent.
Select this option to allow your scanner appliance to automatically scale up the maximum number of hosts to scan in parallel. The maximum number of hosts that may be scanned in parallel when this option is enabled depends on these factors: 1) the performance setting for "Hosts to Scan in Parallel" for Scanner Appliances, and 2) a pre-configured setting for the scanner appliance version. Different scanner appliance versions have different parallel scanning capabilities based on the hardware configuration on the appliance.
There are three pre-defined performance levels to choose from: High, Normal and Low. Select one of these levels or select Custom to customize performance settings.
High. The High performance level is optimized for speed and shorter scan times. This level is recommended only when scanning a single IP or a small number of IPs. As compared to the other levels, more hosts are scanned in parallel, more processes are run in parallel and the delay between groups of packets sent to hosts is shorter. Scans at a High performance level may be faster to complete but may overload your network or networking devices. Scanning a host with limited resources may result in an unresponsive host or service.
Normal. The Normal performance level is recommended as best practice in most cases. Scans at a Normal performance level are well balanced between intensity and speed.
Low. The Low performance level is optimized for low bandwidth network connections and highly utilized networks. This level is recommended if responsiveness for individual hosts and services is low. As compared to the other levels, fewer hosts are scanned in parallel, fewer processes are run in parallel and the delay between groups of packets sent to hosts is longer. Scans at a Low performance level may take longer to complete.
Custom. The Custom performance level allows you to change one or more performance settings. Performance settings should only be customized under special circumstances by users with an in-depth knowledge of the target network and available bandwidth resources.
The following settings may have an impact on your network bandwidth and performance of routers, switches and firewalls. These settings do not affect responsiveness for individual hosts and services. If the impact on your network is too great, you may want to decrease these settings. Note that the number of processes to run in parallel also affects your network bandwidth.
External Scanners. The maximum number of hosts to scan at the same time per scan task.
Scanner Appliances. The maximum number of hosts to scan at the same time per scan task. Note that launching several concurrent scans on the same scanner appliance has a multiplying effect on bandwidth usage and may exceed available scanner resources. If you do not have scanner appliances, then disregard this setting.
The following settings may have an impact on your network bandwidth and may affect the responsiveness of individual hosts during scanning. A low setting should be used for scanning hosts with limited or highly utilized resources.
Total Processes. The maximum number of processes to run at the same time per host (this includes HTTP processes).
HTTP Processes. The maximum number of HTTP processes to run at the same time. This setting determines how aggressive the scanning engine scans your web servers. Lower the number of HTTP processes if your web servers cannot handle many HTTP requests sent to them in a short period of time. You may also want to lower this setting to scan devices with multiple web server ports or embedded devices with limited resources. The number of HTTP processes cannot be higher than the total number of processes.
Packet (Burst) Delay. The delay between groups of packets sent to each scanned host. A short delay means that packets are sent more frequently. A long delay means that packets are sent less frequently. The packet delay is set in seconds, ranging approximately from 0 to 4 seconds. Each performance level has been assigned a delay time appropriate for the performance level.
Intensity. The aggressiveness (parallelism) of port scanning and host discovery at the port level. Lowering the intensity level has the effect of serializing port scanning and host discovery. This is useful for certain network conditions like cascading firewalls and lower scan prioritization on the network. Select from one of these intensity levels: Normal, Medium, Low, or Minimum.
Port scanning and host discovery are the phases of a scan which tend to place the highest burden on firewall state tables. If you are scanning through a firewall it's recommended you reduce the intensity level. Unauthenticated scans see more of a performance difference using this option.