Cisco Cisco Firepower Management Center 4000
C H A P T E R
22-1
FireSIGHT System User Guide
22
Using Advanced Settings in an Intrusion Policy
Advanced settings are preprocessor and other intrusion policy detection and performance configurations
that require specific expertise to configure. Advanced settings typically require little or no modification
and are not common to every deployment.
that require specific expertise to configure. Advanced settings typically require little or no modification
and are not common to every deployment.
You can enable, disable, and modify the configuration of advanced settings. The base policy for your
intrusion policy determines which advanced settings are enabled by default and the default configuration
for each. See
intrusion policy determines which advanced settings are enabled by default and the default configuration
for each. See
for more information.
Some advanced settings must be enabled for certain standard text rules, shared object rules, and
preprocessor rules to function correctly. When you save an intrusion policy with a required advanced
setting that is disabled, you are prompted whether you want the system to automatically enable the
required advanced setting.
preprocessor rules to function correctly. When you save an intrusion policy with a required advanced
setting that is disabled, you are prompted whether you want the system to automatically enable the
required advanced setting.
The web interface identifies some advanced configuration options as troubleshooting options that you
should use only with the assistance of Support.
should use only with the assistance of Support.
See the following sections for more information:
•
explains how to access configuration pages for advanced
settings and lists the advanced settings that you can enable, disable, and configure in an intrusion
policy.
policy.
•
explains how preprocessors normalize traffic for use by the
rules engine.
•
explains how you can automatically enable
preprocessors and other advanced settings that are required by enabled rules or rule options.
•
explains troubleshooting options that you
should set only when asked to do so by Support.
•
explains how you can more efficiently manage
multiple intrusion policies in a complex network by adding intrusion policy layers comprised of
individual configurations for rule attributes and advanced settings.
individual configurations for rule attributes and advanced settings.
Modifying Advanced Settings
License:
Protection
When you select
Advanced Settings
in the navigation panel, you go to the Advanced Settings page, where
advanced settings are listed by type. On this page you can enable or disable advanced settings in your
intrusion policy and access advanced setting configuration pages.
intrusion policy and access advanced setting configuration pages.