Cisco Cisco Firepower Management Center 4000

The Intrusion Policy page appears.

Click the edit icon (

) next to the policy you want to edit.

If you have unsaved advanced editor changes in another policy, click 

 to discard those changes and 

continue. See 

 for information on saving unsaved 

changes in another policy.

The Policy Information page appears.

Click 

 in the navigation panel on the left.

The Advanced Settings page appears.

You have two choices, depending on whether 

 under Application Layer Preprocessors is 

enabled:

If the configuration is enabled, click 

.

If the configuration is disabled, click 

, then click 

.

The POP Configuration page appears. A message at the bottom of the page identifies the intrusion policy 
layer that contains the configuration. See 

 for more 

information.

Specify the 

 where IMAP traffic should be decoded. Separate multiple port numbers with commas. 

Any port you add to the POP port list should also be added to the TCP client reassembly list for 
each TCP policy. For information on configuring TCP reassembly ports, see 

Specify the maximum bytes of data to extract and decode from any combination of the following email 
attachment types:

 (includes various multipart content types such as plain text, jpeg 

images, mp3 files, and so on)

For each type, you can specify from 1 to 65535 bytes, or specify 0 to extract and, when necessary, decode 
all data in the packet. Specify -1 to ignore data for an attachment type.

You can use the 

file_data

 rule keyword in intrusion rules to inspect the attachment data. See 

 for more information.

Optionally, click 

 at the top of the page to display rules associated with 

individual options.

Click 

 to return to the POP Configuration page.

Save your policy, continue editing, discard your changes, revert to the default configuration settings in 
the base policy, or exit while leaving your changes in the system cache. See the 

 table for more information.

Protection