Cisco Cisco FirePOWER Appliance 7020
25-49
FireSIGHT System User Guide
Chapter 25 Using Application Layer Preprocessors
Decoding the Session Initiation Protocol
Maximum Contact Length
Specifies the maximum number of bytes to allow in the request or response Contact header field. A
longer Contact triggers an event when rule 140:15 is enabled. The Contact field provides a URI that
specifies the location to contact with subsequent messages.
longer Contact triggers an event when rule 140:15 is enabled. The Contact field provides a URI that
specifies the location to contact with subsequent messages.
Maximum Content Length
Specifies the maximum number of bytes to allow in the content of the request or response message
body. Longer content triggers an event when rule 140:16 is enabled.
body. Longer content triggers an event when rule 140:16 is enabled.
Ignore Audio/Video Data Channel
Enables and disables inspection of data channel traffic. Note that the preprocessor continues
inspection of other non-data-channel SIP traffic when you enable this option.
inspection of other non-data-channel SIP traffic when you enable this option.
Configuring the SIP Preprocessor
License:
Protection
Use the following procedure to configure the SIP preprocessor.
To configure the SIP preprocessor:
Access:
Admin/Intrusion Admin
Step 1
Select
Policies > Intrusion > Intrusion Policy
.
The Intrusion Policy page appears.
Step 2
Click the edit icon (
) next to the policy you want to edit.
If you have unsaved changes in another policy, click
OK
to discard those changes and continue. See
for information on saving unsaved changes in another
policy.
The Policy Information page appears.
Step 3
Click
Advanced Settings
in the navigation panel on the left.
The Advanced Settings page appears.
Step 4
You have two choices, depending on whether
SIP Configuration
under Application Layer Preprocessors is
enabled:
•
If the configuration is enabled, click
Edit
.
•
If the configuration is disabled, click
Enabled
, then click
Edit
.
The SIP Configuration page appears. A message at the bottom of the page identifies the intrusion policy
layer that contains the configuration. See
layer that contains the configuration. See
for more
information.
Step 5
.
Step 6
Optionally, click
Configure Rules for SIP Configuration
at the top of the page to display rules associated with
individual options.
Click
Back
to return to the SIP Configuration page.