Cisco Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 25      Using Application Layer Preprocessors 
  Decoding FTP and Telnet Traffic
  • Select the Detect Obsolete DNS RR Types check box to enable detection of obsolete resource record types.
  • Select the Detect Experimental DNS RR Types check box to detect experimental resource record types.
Step 6
Optionally, click Configure Rules for DNS Configuration at the top of the page to display rules associated with individual options.
Click Back to return to the DNS Configuration page.
Step 7
Save your policy, continue editing, discard your changes, revert to the default configuration settings in 
the base policy, or exit while leaving your changes in the system cache. See the 
 table for more information.
Decoding FTP and Telnet Traffic
License: Protection
The FTP/Telnet decoder analyzes FTP and telnet data streams, normalizing FTP and telnet commands 
before processing by the rules engine. 
Note the following when using the FTP/Telnet decoder:
  • The FTP/Telnet decoder requires TCP stream preprocessing. If TCP stream preprocessing is 
disabled and you enable the preprocessor, you are prompted when you save the policy whether to 
enable TCP stream preprocessing. See 
 an
 for more information.
  • You must enable FTP and telnet preprocessor rules, which have generator IDs (GIDs) of 125 and 
126, if you want these rules to generate events. A link on the configuration page takes you to a 
filtered view of FTP and telnet preprocessor rules on the intrusion policy Rules page, where you can 
enable and disable rules and configure other rule actions. See 
 fo
more information.
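
The following Python example is an addition to this page, not part of the Cisco guide and not the decoder's own code. It illustrates what normalizing a telnet stream means for the rules engine: telnet command sequences (RFC 854) are removed so that a content match sees the text carried by the session. The function names and the sample bytes are constructed for this example, and FTP normalization is not covered.

```python
# Simplified telnet normalization per RFC 854. Illustrative only: this is
# not the FireSIGHT decoder's code, and all names here are hypothetical.
IAC, SB, SE = 255, 250, 240
NEGOTIATE = {251, 252, 253, 254}  # WILL, WONT, DO, DONT: one option byte follows


def normalize_telnet(data: bytes) -> tuple[bytes, int]:
    """Return (payload without telnet command sequences, sequences removed)."""
    out = bytearray()
    removed = 0
    i, n = 0, len(data)
    while i < n:
        b = data[i]
        if b != IAC:
            out.append(b)
            i += 1
        elif i + 1 >= n:
            # Lone IAC at the end of the buffer: drop it.
            removed += 1
            i += 1
        elif data[i + 1] == IAC:
            # IAC IAC is an escaped literal 0xFF data byte.
            out.append(IAC)
            i += 2
        elif data[i + 1] in NEGOTIATE:
            removed += 1
            i += 3  # IAC, verb, option
        elif data[i + 1] == SB:
            # Subnegotiation runs to IAC SE; if unterminated, drop the rest.
            # Simplification: an escaped 0xFF inside the block is not handled.
            end = data.find(bytes([IAC, SE]), i + 2)
            removed += 1
            i = n if end == -1 else end + 2
        else:
            removed += 1
            i += 2  # two-byte command such as NOP
    return bytes(out), removed


def content_match(payload: bytes, needle: bytes) -> bool:
    """Stand-in for a rule's content match against a payload."""
    return needle in payload


# Constructed sample: IAC DO ECHO, then text interleaved with IAC NOP.
SAMPLE = b"\xff\xfd\x01lo\xff\xf1gin: ro\xff\xf1ot\r\n"
```

On the constructed sample, a match for `root` fails against the raw bytes and succeeds against the normalized payload, which is why rules are evaluated after decoding.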
Understanding Global FTP and Telnet Options
License: Protection
You can set global options to determine whether the FTP/Telnet decoder performs stateful or stateless 
inspection of packets, whether the decoder detects encrypted FTP or telnet sessions, and whether the 
decoder continues to check a data stream after it encounters encrypted data.