Cisco Firepower Management Center 4000
FireSIGHT System User Guide

Chapter 26      Using Transport & Network Layer Preprocessors
  Normalizing Inline Traffic
You can also specify any, which allows all TCP options and effectively disables normalization of all TCP options. See  for additional normalizations performed when you do not specify any.

The following table summarizes how you can specify TCP options to allow. If you leave the field empty, the system allows only the MSS, Window Scale, and Time Stamp options.

  Specify...                     To allow...
  sack                           TCP options 4 (Selective Acknowledgement Permitted) and 5 (Selective Acknowledgement)
  echo                           TCP options 6 (Echo Request) and 7 (Echo Reply)
  partial_order                  TCP options 9 (Partial Order Connection Permitted) and 10 (Partial Order Service Profile)
  conn_count                     TCP Connection Count options 11 (CC), 12 (CC.New), and 13 (CC.Echo)
  alt_checksum                   TCP options 14 (Alternate Checksum Request) and 15 (Alternate Checksum)
  md5                            TCP option 19 (MD5 Signature)
  the option number, 2 to 255    a specific option, including options for which there is no keyword
  any                            all TCP options; this setting effectively disables TCP option normalization

To configure the inline normalizations preprocessor:

Access: Admin/Intrusion Admin

Step 1  Select Policies > Intrusion > Intrusion Policy.
        The Intrusion Policy page appears.

Step 2  Click the edit icon next to the policy you want to edit.
        If you have unsaved changes in another policy, click OK to discard those changes and continue. See  for information on saving unsaved changes in another policy.
        The Policy Information page appears.

Step 3  Click Advanced Settings in the navigation panel on the left.
        The Advanced Settings page appears.

Step 4  You have two choices:
        • If the configuration is enabled, click Edit.
        • If the configuration is disabled, click Enabled, then click Edit.
        The Inline Normalization page appears. A message at the bottom of the page identifies the intrusion policy layer that contains the configuration. See  for more information.

Step 5  You can set any of the options described in .
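The allow-list semantics in the table above, as an added example that is not Cisco's or the FireSIGHT code: it resolves the keyword field (empty, keywords, numeric kinds, or any) to the permitted TCP option kinds and then rewrites a constructed TCP options byte string. It assumes that a disallowed option is overwritten with NOPs so the header length is unchanged; that replacement strategy is the example's own modeling, not something the guide states.

```python
# Added example (not from the FireSIGHT guide): model of the "allow TCP options" field.
KEYWORDS = {
    "sack": {4, 5}, "echo": {6, 7}, "partial_order": {9, 10},
    "conn_count": {11, 12, 13}, "alt_checksum": {14, 15}, "md5": {19},
}
ALWAYS_ALLOWED = {0, 1, 2, 3, 8}   # EOL, NOP, MSS, Window Scale, Time Stamp

# Constructed sample: MSS 1460, NOP, SACK-permitted, Timestamp, MD5 Signature.
SAMPLE_OPTIONS = (b"\x02\x04\x05\xb4" + b"\x01" + b"\x04\x02"
                  + b"\x08\x0a" + b"\x00" * 8 + b"\x13\x12" + b"\xaa" * 16)

def allowed_kinds(field: str):
    """Permitted option kinds for the field value; None means 'any' (no normalization)."""
    tokens = field.replace(",", " ").split()
    if "any" in tokens:
        return None
    kinds = set(ALWAYS_ALLOWED)          # empty field: only MSS, Window Scale, Time Stamp
    for tok in tokens:
        if tok in KEYWORDS:
            kinds |= KEYWORDS[tok]
        elif tok.isdigit() and 2 <= int(tok) <= 255:
            kinds.add(int(tok))          # a specific option number with no keyword
        else:
            raise ValueError(f"unknown TCP option keyword: {tok}")
    return kinds

def parse_options(raw: bytes):
    """Parse a TCP options field into (kind, payload) tuples, rejecting bad lengths."""
    out, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                    # End of Option List
            out.append((0, b"")); break
        if kind == 1:                    # NOP has no length byte
            out.append((1, b"")); i += 1; continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError("malformed TCP option length")
        length = raw[i + 1]
        out.append((kind, raw[i + 2:i + length])); i += length
    return out

def normalize(raw: bytes, field: str) -> bytes:
    """Rebuild the options, NOP-filling any kind the field does not allow (assumed behavior)."""
    allowed = allowed_kinds(field)
    result = bytearray()
    for kind, payload in parse_options(raw):
        if kind in (0, 1):
            result.append(kind)
        elif allowed is None or kind in allowed:
            result += bytes([kind, len(payload) + 2]) + payload
        else:
            result += b"\x01" * (len(payload) + 2)   # same length, option removed
    return bytes(result)
```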