Cisco Cisco Firepower Management Center 4000
26-23
FireSIGHT System User Guide
Chapter 26 Using Transport & Network Layer Preprocessors
Using TCP Stream Preprocessing
Tip
The First operating system policy could offer some protection when you do not know the host operating
system. However, it may result in missed attacks. You should edit the policy to specify the correct
operating system if you know it.
system. However, it may result in missed attacks. You should edit the policy to specify the correct
operating system if you know it.
Selecting TCP Policy Options
License:
Protection
The following list describes the options you can set to identify and control TCP traffic that the stream
preprocessor inspects.
preprocessor inspects.
If no preprocessor rule is mentioned, the option is not associated with a preprocessor rule.
Network
Specifies the host IP addresses to which you want to apply the TCP stream reassembly policy.
You can specify a single IP address or address block. You can specify up to 255 total profiles,
including the default policy. For information on using IPv4 and IPv6 address blocks in the
FireSIGHT System, see
including the default policy. For information on using IPv4 and IPv6 address blocks in the
FireSIGHT System, see
.
Table 26-3
TCP Operating System Policies
Policy
Operating Systems
First
unknown OS
Last
Cisco IOS
BSD
AIX
FreeBSD
OpenBSD
Linux
Linux 2.4 kernel
Linux 2.6 kernel
Old Linux
Linux 2.2 and earlier kernel
Windows
Windows 98
Windows NT
Windows 2000
Windows XP
Windows 2003
Windows 2003
Windows Vista
Windows Vista
Solaris
Solaris OS
SunOS
IRIX
SGI Irix
HPUX
HP-UX 11.0 and later
HPUX 10
HP-UX 10.2 and earlier
Mac OS
Mac OS 10 (Mac OS X)