Cisco Firepower Management Center 4000
26-10
FireSIGHT System User Guide
Chapter 26 Using Transport & Network Layer Preprocessors
Normalizing Inline Traffic
You can also specify any, which allows all TCP options and effectively disables normalization of all TCP options. See for additional normalizations performed when you do not specify any.
The following table summarizes how you can specify TCP options to allow. If you leave the field empty, the system allows only the MSS, Window Scale, and Time Stamp options.
To configure the inline normalizations preprocessor:

Access: Admin/Intrusion Admin

Step 1  Select Policies > Intrusion > Intrusion Policy.
        The Intrusion Policy page appears.

Step 2  Click the edit icon next to the policy you want to edit.
        If you have unsaved changes in another policy, click OK to discard those changes and continue. See for information on saving unsaved changes in another policy.
        The Policy Information page appears.

Step 3  Click Advanced Settings in the navigation panel on the left.
        The Advanced Settings page appears.

Step 4  You have two choices:
        • If the configuration is enabled, click Edit.
        • If the configuration is disabled, click Enabled, then click Edit.
        The Inline Normalization page appears. A message at the bottom of the page identifies the intrusion policy layer that contains the configuration. See for more information.

Step 5  You can set any of the options described in .
Specify...                     To allow...
sack                           TCP options 4 (Selective Acknowledgement Permitted) and 5 (Selective Acknowledgement)
echo                           TCP options 6 (Echo Request) and 7 (Echo Reply)
partial_order                  TCP options 9 (Partial Order Connection Permitted) and 10 (Partial Order Service Profile)
conn_count                     TCP Connection Count options 11 (CC), 12 (CC.New), and 13 (CC.Echo)
alt_checksum                   TCP options 14 (Alternate Checksum Request) and 15 (Alternate Checksum)
md5                            TCP option 19 (MD5 Signature)
the option number, 2 to 255    a specific option, including options for which there is no keyword
any                            all TCP options; this setting effectively disables TCP option normalization
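As an added example that is not part of the Cisco guide, the following Python models the allow-list semantics described in the paragraphs above and in the table: it parses an allow field written with the table's keywords and numeric option kinds (2 to 255), treats any as disabling option normalization, and then walks a TCP options byte string, replacing every option kind that is not allowed with NOP bytes so the header length stays unchanged. Two points are assumptions of this example rather than statements from the page: that MSS, Window Scale, and Time Stamp remain allowed alongside whatever is listed, and that normalization is modelled as NOP replacement. The sample SYN options are constructed, not captured from a real host.

```python
# Keyword-to-option-kind mapping taken from the allow table above.
KEYWORD_OPTIONS = {
    "sack": {4, 5},              # SACK Permitted, SACK
    "echo": {6, 7},              # Echo Request, Echo Reply
    "partial_order": {9, 10},    # Partial Order Connection Permitted, Service Profile
    "conn_count": {11, 12, 13},  # CC, CC.New, CC.Echo
    "alt_checksum": {14, 15},    # Alternate Checksum Request, Alternate Checksum
    "md5": {19},                 # MD5 Signature
}

# Allowed when the field is left empty: MSS (2), Window Scale (3), Time Stamp (8).
DEFAULT_ALLOWED = frozenset({2, 3, 8})

NOP, EOL = 1, 0  # single-byte option kinds with no length field


def parse_allow_spec(spec: str):
    """Turn an allow field value into the set of permitted option kinds.

    Returns None when the spec contains 'any' (normalization disabled).
    Assumption of this example: the three default kinds stay allowed
    alongside whatever is listed explicitly.
    """
    allowed = set(DEFAULT_ALLOWED)
    for tok in spec.replace(",", " ").split():
        tok = tok.lower()
        if tok == "any":
            return None
        if tok in KEYWORD_OPTIONS:
            allowed |= KEYWORD_OPTIONS[tok]
        elif tok.isdigit() and 2 <= int(tok) <= 255:
            allowed.add(int(tok))
        else:
            raise ValueError(f"unrecognised allow token: {tok!r}")
    return allowed


def normalize_tcp_options(options: bytes, allowed):
    """Replace every option kind not in `allowed` with NOPs of the same length.

    Option layout is kind / length / data, except EOL (0) and NOP (1), which
    are single bytes. Malformed lengths raise ValueError instead of being guessed.
    """
    if allowed is None:          # 'any': leave the options untouched
        return bytes(options)
    out = bytearray(options)
    i = 0
    while i < len(out):
        kind = out[i]
        if kind == EOL:
            break
        if kind == NOP:
            i += 1
            continue
        if i + 1 >= len(out):
            raise ValueError(f"truncated TCP option at offset {i}")
        length = out[i + 1]
        if length < 2 or i + length > len(out):
            raise ValueError(f"bad length {length} for option kind {kind}")
        if kind not in allowed:
            out[i:i + length] = bytes([NOP]) * length
        i += length
    return bytes(out)


def option_kinds(options: bytes):
    """List the multi-byte option kinds present, in order (ignores NOP/EOL)."""
    kinds, i = [], 0
    while i < len(options):
        kind = options[i]
        if kind == EOL:
            break
        if kind == NOP:
            i += 1
            continue
        length = options[i + 1] if i + 1 < len(options) else 0
        if length < 2:
            raise ValueError(f"bad length {length} for option kind {kind}")
        kinds.append(kind)
        i += length
    return kinds


# Constructed sample: options of a typical SYN (MSS 1460, SACK Permitted,
# Time Stamp, NOP, Window Scale 7). Not captured from a real host.
SAMPLE_SYN_OPTIONS = bytes.fromhex(
    "020405b4"              # MSS = 1460
    "0402"                  # SACK Permitted (kind 4)
    "080a0000000100000000"  # Time Stamp (kind 8)
    "01"                    # NOP
    "030307"                # Window Scale = 7 (kind 3)
)

if __name__ == "__main__":
    for spec in ("", "sack", "any"):
        out = normalize_tcp_options(SAMPLE_SYN_OPTIONS, parse_allow_spec(spec))
        print(f"allow={spec!r:8} kinds kept={option_kinds(out)} bytes={out.hex()}")
```

With the field empty, the SACK Permitted option in the sample is overwritten with two NOPs while MSS, Time Stamp, and Window Scale survive; with sack listed nothing changes; with any the bytes are returned untouched, which is why the guide describes any as effectively disabling TCP option normalization. A practitioner checking a normalizer of this kind would confirm two properties shown here: the option block length never changes, and only allowed kinds remain afterwards.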