Cisco Firepower Management Center 4000
FireSIGHT System User Guide
Chapter 26 Using Transport & Network Layer Preprocessors
Normalizing Inline Traffic
IPv4 Normalization
License: Protection
When you enable Normalize IPv4, the system performs the following base normalizations:
• truncates packets with excess payload to the datagram length specified in the IP header
• clears the Differentiated Services (DS) field, formerly known as the Type of Service (TOS) field
• sets all option octets to 1 (No Operation)
In addition, the system performs the following optional normalizations when you enable IPv4 normalization and select the corresponding option:
• enabling the Normalize Don’t Fragment Bit option clears the single-bit Don’t Fragment subfield of the IPv4 Flags header field
• enabling the Normalize Reserved Bit option clears the single-bit Reserved subfield of the IPv4 Flags header field
• enabling the Normalize TOS Bit option clears the one-byte Differentiated Services header field, formerly known as Type of Service (ToS)
• enabling the Normalize Excess Payload option trims excess payload to the datagram length specified in the IP header plus the Layer 2 header
• enabling the Reset TTL and Minimize TTL options sets the Time to Live (TTL) field as needed to a specified minimum value
See
for more information.
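The IPv4 normalizations listed above, applied to a raw datagram in Python. This is an added example, not code from the FireSIGHT guide or the product; the function and parameter names, and the rule that a TTL below min_ttl is rewritten to reset_ttl, are assumptions, and the sample packet is constructed.

```python
import struct

def checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum over an IPv4 header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def normalize_ipv4(pkt: bytes, clear_df=False, clear_reserved=False,
                   min_ttl=None, reset_ttl=None) -> bytes:
    """Normalize one raw IPv4 datagram (no Layer 2 header)."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 datagram")
    ihl = (pkt[0] & 0x0F) * 4                    # header length in bytes
    total_len = struct.unpack("!H", pkt[2:4])[0]
    if ihl < 20 or total_len < ihl or len(pkt) < total_len:
        raise ValueError("inconsistent header or truncated datagram")
    hdr = bytearray(pkt[:ihl])
    hdr[1] = 0                                   # clear the DS (formerly TOS) field
    hdr[20:] = b"\x01" * (ihl - 20)              # every option octet becomes 1 (No Operation)
    if clear_reserved:
        hdr[6] &= 0x7F                           # Reserved bit of the Flags field
    if clear_df:
        hdr[6] &= 0xBF                           # Don't Fragment bit of the Flags field
    # Assumption: a TTL below min_ttl is rewritten to reset_ttl (or to min_ttl if unset).
    if min_ttl is not None and hdr[8] < min_ttl:
        hdr[8] = reset_ttl if reset_ttl is not None else min_ttl
    hdr[10:12] = b"\x00\x00"                     # zero the checksum field, then recompute
    hdr[10:12] = struct.pack("!H", checksum(bytes(hdr)))
    return bytes(hdr) + pkt[ihl:total_len]       # drop bytes past the datagram length

def sample_packet() -> bytes:
    """Constructed sample: DS=0xb8, Reserved+DF set, TTL=1, 4 option octets, 6 excess bytes."""
    hdr = struct.pack("!BBHHHBBH4s4s4s", 0x46, 0xB8, 32, 0x1234, 0xC000, 1, 17, 0,
                      bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]), b"\x94\x04\x00\x00")
    return hdr + b"PAYLOAD!" + b"EXCESS"

if __name__ == "__main__":
    before = sample_packet()
    after = normalize_ipv4(before, clear_df=True, clear_reserved=True,
                           min_ttl=5, reset_ttl=64)
    print(before.hex())
    print(after.hex())
```

Comparing the two hex dumps shows which header bytes an inline device rewrites, which is useful when packet captures taken on either side of the device do not match.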
IPv6 Normalization
License: Protection
When you enable Normalize IPv6, the system sets all Option Type fields in the Hop-by-Hop Options and Destination Options extension headers to 00 (Skip and continue processing).
Optionally, and as needed, the system also sets the Hop Limit field to a specified minimum value. See the Reset TTL and Minimize TTL options for more information.
ICMPv4 and ICMPv6 Normalization
License: Protection
When you enable Normalize ICMPv4, Normalize ICMPv6, or both, the system clears the 8-bit Code field in Echo (Request) and Echo Reply messages in the corresponding ICMP traffic.
TCP Normalization
License: Protection
The following sections describe base TCP normalizations, including traffic that is dropped when you enable TCP normalization. They also explain normalizations associated with specific TCP normalization options.
Base TCP Normalizations
When you enable Normalize TCP, the system performs the following base normalizations: