Cisco Cisco Firepower Management Center 4000
25-26
FireSIGHT System User Guide
Chapter 25 Using Application Layer Preprocessors
Decoding FTP and Telnet Traffic
The FTP and Telnet Configuration page appears.
A message at the bottom of the page identifies the intrusion policy layer that contains the configuration.
See
See
for more information.
Tip
For more information on configuring the other options on this page, see
Step 5
You have two options:
•
Add a new server profile. Click the add icon (
) next to
FTP Server
on the left side of the page. The
Add Target pop-up window appears. Specify one or more IP addresses for the client in the
Server
Address
field and click
OK
.
You can specify a single IP address or address block, or a comma-separated list of either or both.
You can specify up to 1024 characters, and you can configure up to 255 policies, including the
default policy. For information on using IPv4 and IPv6 address blocks in the FireSIGHT System,
see
You can specify up to 1024 characters, and you can configure up to 255 policies, including the
default policy. For information on using IPv4 and IPv6 address blocks in the FireSIGHT System,
see
.
A new entry appears in the list of FTP servers on the left side of the page, highlighted to indicate
that it is selected, and the Configuration section updates to reflect the current configuration for the
profile you added.
that it is selected, and the Configuration section updates to reflect the current configuration for the
profile you added.
•
Modify the settings for an existing server profile. Click the configured address for a profile you have
added under
added under
FTP Server
on the left side of the page, or click
default
.
Your selection is highlighted and the Configuration section updates to display the current
configuration for the profile you selected. To delete an existing profile, click the delete icon (
configuration for the profile you selected. To delete an existing profile, click the delete icon (
)
next to the profile you want to remove.
Step 6
Optionally, you can modify any of the following under
Configuration
:
•
Modify the address or addresses listed in the
Networks
field and click any other area of the page.
The highlighted address updates on the left side of the page.
Note that you cannot modify the setting for
Network
in the default profile. The default profile applies
to all servers on your network that are not identified in another profile.
•
Specify any
Ports
that should be monitored for FTP traffic. Port 21 is the well-known port for FTP
traffic.
Note
Add the same list of ports indicated here to the TCP client reassembly port list. For more
information on configuring TCP reassembly ports, see
information on configuring TCP reassembly ports, see
.
•
Update the FTP commands used to transfer files from server to client in the
File Get Commands
field.
•
Update the FTP commands used to transfer files from client to server in the
File Put Commands
field.
Note
Do not change the values in the
File Get Commands
and
File Put Commands
field unless directed to
do so by Support.
•
To detect additional FTP commands outside of those checked by default by the FTP/Telnet
preprocessor, type the commands, separated by spaces in the
preprocessor, type the commands, separated by spaces in the
Additional FTP Commands
field.
You can add as many additional FTP commands as needed.