Cisco FirePOWER Appliance 8250
FireSIGHT System User Guide
Chapter 26 Using Transport & Network Layer Preprocessors
The Intrusion Policy page appears.
Step 2
Click the edit icon next to the policy you want to edit.
If you have unsaved changes in another policy, click OK to discard those changes and continue. See for information on saving unsaved changes in another policy.
The Policy Information page appears.
Step 3
Click Advanced Settings in the navigation panel on the left.
The Advanced Settings page appears.
Step 4
You have two choices, depending on whether Checksum Verification under Transport/Network Layer Preprocessors is enabled:
• If the configuration is enabled, click Edit.
• If the configuration is disabled, click Enabled, then click Edit.
The Checksum Verification page appears. A message at the bottom of the page identifies the intrusion policy layer that contains the configuration. See for more information.
Step 5
You can set any of the options in the Checksum Verification section to Enable or Disable in a passive or inline deployment, or to Drop in an inline deployment:
• ICMP Checksums
• IP Checksums
• TCP Checksums
• UDP Checksums
Note that to drop offending packets you must also enable Drop when Inline in addition to setting an option to Drop in the policy. See for more information. Note also that setting these options to Drop in a passive deployment is the same as setting them to Enable.
Step 6
Save your policy, continue editing, discard your changes, revert to the default configuration settings in the base policy, or exit while leaving your changes in the system cache. See the table for more information.
Ignoring VLAN Headers
License: Protection
Different VLAN tags in traffic traveling in different directions for the same connection can affect traffic reassembly and rule processing. For example, in the following graphic, traffic for the same connection could be transmitted over VLAN A and received over VLAN B.
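The effect described above can be reproduced with a simplified flow tracker. This is an added example, not code from the FireSIGHT System or from Cisco; the function names, VLAN IDs 10 and 20 (standing in for VLAN A and VLAN B), addresses and ports are assumptions, and the frames are constructed samples. It shows that keying connections on the 802.1Q tag splits one TCP connection into two flows, while ignoring the tag keeps both directions together.

```python
import struct

ETH_8021Q, ETH_IPV4, PROTO_TCP = 0x8100, 0x0800, 6

def build_frame(vlan_id, src_ip, dst_ip, sport, dport):
    """Constructed sample: Ethernet + 802.1Q tag + minimal IPv4 and TCP headers."""
    eth = b"\x00" * 12 + struct.pack("!HHH", ETH_8021Q, vlan_id & 0x0FFF, ETH_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, PROTO_TCP, 0,
                     bytes(src_ip), bytes(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x10, 8192, 0, 0)
    return eth + ip + tcp

def parse_frame(frame):
    """Return (vlan_id or None, src, dst, sport, dport) for an IPv4/TCP frame."""
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset, vlan_id = 14, None
    if ethertype == ETH_8021Q:
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        vlan_id, offset = tci & 0x0FFF, 18   # low 12 bits of the TCI are the VLAN ID
    if ethertype != ETH_IPV4:
        raise ValueError("not IPv4")
    ihl = (frame[offset] & 0x0F) * 4         # IPv4 header length in bytes
    if frame[offset + 9] != PROTO_TCP:
        raise ValueError("not TCP")
    src, dst = frame[offset + 12:offset + 16], frame[offset + 16:offset + 20]
    sport, dport = struct.unpack_from("!HH", frame, offset + ihl)
    return vlan_id, src, dst, sport, dport

def flow_key(parsed, ignore_vlan):
    """Direction-independent connection key, with or without the VLAN ID."""
    vlan_id, src, dst, sport, dport = parsed
    # Sort the endpoints so both directions of a connection map to one key.
    endpoints = tuple(sorted([(src, sport), (dst, dport)]))
    return endpoints if ignore_vlan else (vlan_id,) + endpoints

def count_flows(frames, ignore_vlan):
    """Number of distinct connections the tracker would reassemble."""
    return len({flow_key(parse_frame(f), ignore_vlan) for f in frames})

# Constructed sample: one connection sent over VLAN A and answered over VLAN B.
VLAN_A, VLAN_B = 10, 20
CLIENT, SERVER = (192, 0, 2, 10), (198, 51, 100, 5)
SAMPLE = [
    build_frame(VLAN_A, CLIENT, SERVER, 49152, 443),
    build_frame(VLAN_B, SERVER, CLIENT, 443, 49152),
    build_frame(VLAN_A, CLIENT, SERVER, 49152, 443),
]

if __name__ == "__main__":
    print("flows with VLAN in key:", count_flows(SAMPLE, ignore_vlan=False))
    print("flows ignoring VLAN:  ", count_flows(SAMPLE, ignore_vlan=True))
```

With the VLAN ID in the key, each half of the conversation is tracked as a separate, one-sided flow, so stream reassembly never sees both directions together.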