Cisco Firepower Management Center 4000
FireSIGHT System User Guide
Chapter 26 Using Transport & Network Layer Preprocessors
Normalizing Inline Traffic
– the IPv6 Hop Limit field when Normalize IPv6 is enabled
The system normalizes the packet by changing its TTL or Hop Limit value to the value set for this option when the packet value is less than Minimum TTL. Setting this option to a value of 0, or any value less than Minimum TTL, disables the option. The system assumes a value of 0 when the field is empty.
Normalize IPv4
Enables normalization of IPv4 traffic. See for information on specific IPv4 normalizations. The system also normalizes the TTL field as needed when this option is enabled and the value set for Reset TTL enables TTL normalization. You can also enable Normalize Don’t Fragment Bits and Normalize Reserved Bits when this option is enabled.
Normalize Don't Fragment Bit
Clears the single-bit Don’t Fragment subfield of the IPv4 Flags header field. Enabling this option allows a downstream router to fragment packets if necessary instead of dropping them; enabling this option can also prevent evasions based on crafting packets to be dropped. You must enable Normalize IPv4 to select this option.
Normalize Reserved Bit
Clears the single-bit Reserved subfield of the IPv4 Flags header field. You would typically enable this option. You must enable Normalize IPv4 to select this option.
Normalize TOS Bit
Clears the one-byte Differentiated Services field, formerly known as Type of Service. You must enable Normalize IPv4 to select this option.
Normalize Excess Payload
Truncates packets with excess payload to the datagram length specified in the IP header plus the Layer 2 (for example, Ethernet) header, but does not truncate below the minimum frame length. You must enable Normalize IPv4 to select this option.
Normalize IPv6
Sets all Option Type fields in the Hop-by-Hop Options and Destination Options extension headers to 00 (Skip and continue processing). The system also normalizes the Hop Limit field as needed when this option is enabled and the value set for Reset TTL enables hop limit normalization.
Normalize ICMPv4
Clears the 8-bit Code field in Echo (Request) and Echo Reply messages in ICMPv4 traffic.
Normalize ICMPv6
Clears the 8-bit Code field in Echo (Request) and Echo Reply messages in ICMPv6 traffic.
Normalize TCP
Enables normalization of TCP traffic. See for information on specific TCP normalizations. When this option is enabled, you can also enable Normalize Urgent Pointer, Normalize TCP Payload, Normalize TCP Excess Payload, and Exploit Congestion Payload, and configure Allow These TCP Options. You should ensure that the TCP stream preprocessor is enabled when you enable this option; see .
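The following Python example is added here for illustration and is not Cisco code or part of the guide. It applies the IPv4 header changes described above for Normalize Don't Fragment Bit, Normalize Reserved Bit, Normalize TOS Bit and Reset TTL to a raw header and recomputes the checksum. The function names, parameter names and the sample header are assumptions constructed for this example.

```python
import struct

def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum over an IPv4 header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def normalize_ipv4(header: bytes, *, clear_df=True, clear_reserved=True,
                   clear_tos=True, reset_ttl=0, minimum_ttl=1) -> bytes:
    """Return the header as it would look after the selected normalizations."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (header[0] & 0x0F) * 4
    if ihl < 20 or len(header) < ihl:
        raise ValueError("truncated or malformed IPv4 header")
    h = bytearray(header[:ihl])
    if clear_tos:
        h[1] = 0x00          # one-byte Differentiated Services (TOS) field
    if clear_reserved:
        h[6] &= 0x7F         # Reserved flag: top bit of the Flags field
    if clear_df:
        h[6] &= 0xBF         # Don't Fragment flag: 0x40
    # Reset TTL is disabled when it is 0 or less than Minimum TTL.
    ttl_enabled = reset_ttl != 0 and reset_ttl >= minimum_ttl
    if ttl_enabled and h[8] < minimum_ttl:
        h[8] = reset_ttl
    # Any header change invalidates the checksum, so recompute it.
    h[10:12] = b"\x00\x00"
    struct.pack_into("!H", h, 10, ipv4_checksum(bytes(h)))
    return bytes(h)

def sample_header() -> bytes:
    """Constructed sample: TOS 0xB8, Reserved+DF set, TTL 1, TCP,
    192.0.2.1 -> 198.51.100.2 (documentation address ranges)."""
    h = bytearray.fromhex("45b80028 1234c000 01060000 c0000201 c6336402")
    struct.pack_into("!H", h, 10, ipv4_checksum(bytes(h)))
    return bytes(h)

if __name__ == "__main__":
    before = sample_header()
    after = normalize_ipv4(before, reset_ttl=5, minimum_ttl=3)
    print("before:", before.hex(" ", 2))
    print("after: ", after.hex(" ", 2))
```

Comparing the two hex dumps shows which bytes an inline normalizer rewrites (offsets 1, 6, 8 and the checksum at 10-11), which helps when reconciling packet captures taken on either side of the device.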