Cisco Cisco Firepower Management Center 4000

Page of 1844
 
26-5
FireSIGHT System User Guide
 
Chapter 26      Using Transport & Network Layer Preprocessors
  Normalizing Inline Traffic
IPv4 Normalization
License: 
Protection
When you enable 
Normalize IPv4
, the system performs the following base normalizations:
  •
truncates packets with excess payload to the datagram length specified in the IP header
  •
clears the Differentiated Services (DS) field, formerly known as the Type of Service (TOS) field
  •
sets all option octets to 1 (No Operation)
In addition, the system performs the following optional normalizations when you enable IPV4 
normalization and select the corresponding option:
  •
enabling the 
Normalize Don’t Fragment Bit
 option clears the single-bit Don’t Fragment subfield of the 
IPv4 Flags header field
  •
enabling the 
Normalize Reserved Bit
 option clears the single-bit Reserved subfield of the IPv4 Flags 
header field
  •
enabling the 
Normalize TOS Bit
 option clears the one byte Differentiated Services header field, 
formerly known as Type of Service (ToS)
  •
enabling the 
Normalize Excess Payload
 option trims excess payload to the datagram length specified 
in the IP header plus the Layer 2 header
  •
enabling the 
Reset TTL
 and 
Minimize TTL
 options sets the Time to Live (TTL) field as needed to a 
specified minimum value
See 
 for more information.
IPv6 Normalization
License: 
Protection
When you enable 
Normalize IPv6
, the system sets all Option Type fields in the Hop-by-Hop Options and 
Destination Options extension headers to 00 (Skip and continue processing).
Optionally, and as needed, the system also sets the Hop Limit field to a specified minimum value. See 
the 
Reset TTL
 and 
Minimize TTL
 options in 
 for more 
information.
ICMPv4 and ICMPv6 Normalization
License: 
Protection
When you enable 
Normalize ICMPv4
Normalize ICMPv6
, or both, the system clears the 8-bit Code field in 
Echo (Request) and Echo Reply messages in the corresponding ICMP traffic.
TCP Normalization
License: 
Protection
The following sections describe base TCP normalizations, including traffic that is dropped when you 
enable TCP normalization. It also explains normalizations associated with specific TPC normalization 
options.
Base TCP Normalizations
When you enable 
Normalize TCP
, the system performs the following base normalizations: