Cisco Cisco Firepower Management Center 4000
25-77
FireSIGHT System User Guide
Chapter 25 Using Application Layer Preprocessors
Working with SCADA Preprocessors
Log bad CRCs
When enabled, validates the checksums contained in DNP3 link layer frames. Frames with invalid
checksums are ignored.
checksums are ignored.
You can enable rule 145:1 to generate events when invalid checksums are detected.
To configure the DNP3 preprocessor:
Access:
Admin/Intrusion Admin
Step 1
Select
Policies > Intrusion > Intrusion Policy.
The Intrusion Policy page appears.
Step 2
Click the edit icon (
) next to the policy you want to edit.
If you have unsaved changes in another policy, click
OK
to discard those changes and continue. See
for information on saving unsaved changes in another
policy.
The Policy Information page appears.
Step 3
Click
Advanced Settings
in the navigation panel on the left.
The Advanced Settings page appears.
Step 4
You have two choices, depending on whether
DNP3 Configuration
under SCADA Preprocessors is enabled:
•
If the configuration is enabled, click
Edit
.
•
If the configuration is disabled, click
Enabled
, then click
Edit
.
The DNP3 Configuration page appears.
Step 5
Optionally, modify the
Ports
that the preprocessor inspects for DNP3 traffic. You can specify an integer
from 0 to 65535. Use commas to separate multiple ports.
Step 6
Optionally, select or clear the
Log bad CRCs
check box to specify whether to validate the checksums
contained in DNP3 link layer frames and ignore frames with invalid checksums.
Step 7
Optionally, click
Configure Rules for DNP3 Configuration
at the top of the page to display rules associated
with individual options.
Click
Back
to return to the DNP3 Configuration page.
Step 8
Save your policy, continue editing, discard your changes, revert to the default configuration settings in
the base policy, or exit while leaving your changes in the system cache. See the
the base policy, or exit while leaving your changes in the system cache. See the
table for more information.