Cisco Cisco Firepower Management Center 2000

The Intrusion Policy page appears.

Click the edit icon (

) next to the policy you want to edit.

If you have unsaved changes in another policy, click 

 to discard those changes and continue. See 

 for information on saving unsaved changes in another 

policy.

The Policy Information page appears.

Click 

 in the navigation panel on the left.

The Advanced Settings page appears.

You have two choices, depending on whether 

under Transport/Network Layer 

Preprocessors is enabled:

If the configuration is enabled, click 

.

If the configuration is disabled, click 

, then click 

.

The Checksum Verification page appears. A message at the bottom of the page identifies the intrusion 
policy layer that contains the configuration. See 

 for more 

information.

You can set any of the options in the 

 section to 

 or 

 in a passive or inline 

deployment, or to 

 in an inline deployment:

Note that to drop offending packets you must also enable 

 in addition to setting an option 

to 

 in the policy. See 

 for more 

information. Note also that setting these options to 

 in a passive deployment is the same as setting 

them to 

.

Save your policy, continue editing, discard your changes, revert to the default configuration settings in 
the base policy, or exit while leaving your changes in the system cache. See the 

 table for more information.

Protection

Different VLAN tags in traffic traveling in different directions for the same connection can affect traffic 
reassembly and rule processing. For example, in the following graphic traffic for the same connection 
could be transmitted over VLAN A and received over VLAN B.