Cisco Cisco Firepower Management Center 4000

If no preprocessor rule is mentioned, the option is not associated with a preprocessor rule.

When selected, causes the FTP/Telnet decoder to save state and provide session context for 
individual packets and only inspects reassembled sessions. When cleared, analyzes each individual 
packet without session context. 

To check for FTP data transfers, this option must be selected.

Detects encrypted telnet and FTP sessions.

You can enable rules 125:7 and 126:2 to generate events for this option. See 

 for more information.

Instructs the preprocessor to continue checking a data stream after it is encrypted, looking for 
eventual decrypted data. 

Protection

You must configure global options for the FTP/Telnet decoder to control whether stateless or stateful 
inspection is performed, encrypted traffic is detected, and whether the decoder should continue to check 
for decrypted data in a data stream that it has identified as encrypted. For more information on global 
settings, see 

.

Admin/Intrusion Admin

Select 

The Intrusion Policy page appears.

Click the edit icon (

) next to the policy you want to edit.

If you have unsaved changes in another policy, click 

 to discard those changes and continue. See 

 for information on saving unsaved changes in another 

policy.

The Policy Information page appears.

Click 

 in the navigation panel on the left.

The Advanced Settings page appears.

You have two choices, depending on whether 

 under Application Layer 

Preprocessors is enabled:

If the configuration is enabled, click 

.

If the configuration is disabled, click 

, then click 

.

The FTP and Telnet Configuration page appears.

A message at the bottom of the page identifies the intrusion policy layer that contains the configuration. 
See 

 for more information.