Cisco Cisco Firepower Management Center 4000
25-27
FireSIGHT System User Guide
Chapter 25 Using Application Layer Preprocessors
Decoding FTP and Telnet Traffic
Note
Additional commands you may want to add include
XPWD
,
XCWD
,
XCUP
,
XMKD
, and
XRMD
. For more
information on these commands, see RFC 775, the Directory oriented FTP commands
specification by the Network Working Group.
specification by the Network Working Group.
•
Specify the default maximum number of bytes for a command parameter in the
Default Max Parameter
Length
field.
•
To detect a different maximum parameter length for particular commands, click
Add
next to
Alternate
Max Parameter Length
. In the first text box of the row that appears, specify the maximum parameter
length. In the second text box, specify the commands, separated by spaces, where this alternate
maximum parameter length should apply.
maximum parameter length should apply.
You can add as many alternative maximum parameter lengths as needed.
•
To check for string format attacks on particular commands, specify the commands, separated by
spaces, in the
spaces, in the
Check Commands for String Format Attacks
text box.
•
To specify the valid format for a command, click
Add
next to
Command Validity
. Specify the command
you want to validate, then type a validation statement for the command parameter. For more
information on the validation statement syntax, see
information on the validation statement syntax, see
•
To improve performance on FTP data transfers by disabling all inspection other than state inspection
on the data transfer channel, enable
on the data transfer channel, enable
Ignore FTP Transfers
.
Note
To inspect data transfers, the global FTP/Telnet
Stateful Inspection
option must be selected. For
more information on setting global options, see
•
To detect when telnet commands are used over the FTP command channel, select
Detect Telnet Escape
Codes within FTP Commands
.
•
To ignore telnet character and line erase commands when normalizing FTP traffic, enable
Ignore
Erase Commands during Normalization
.
Step 7
Optionally, click
Configure Rules for FTP and Telnet Configuration
at the top of the page to display rules
associated with individual options.
Click
Back
to return to the FTP and Telnet Configuration page.
Step 8
Optionally, modify the related troubleshooting option only if asked to do so by Support; click the
+
sign
next to
Troubleshooting Options
to expand the troubleshooting options section. See
for more information.
Step 9
Save your policy, continue editing, discard your changes, revert to the default configuration settings in
the base policy, or exit while leaving your changes in the system cache. See the
the base policy, or exit while leaving your changes in the system cache. See the
table for more information.
Understanding Client-Level FTP Options
License:
Protection