Cisco Cisco FirePOWER Appliance 8360
26-14
FireSIGHT System User Guide
Chapter 26 Using Transport & Network Layer Preprocessors
Defragmenting IP Packets
You can enable the following rules to generate events for this option:
–
123:1 through 123:4
–
123:5 (BSD policy)
–
123:6 through 123:8
Overlap Limit
Specifies that when the configured number between 0 (unlimited) and 255 of overlapping segments
in a session has been detected, defragmentation stops for that session. You must enable
in a session has been detected, defragmentation stops for that session. You must enable
Detect
Anomalies
to configure this option. A blank value disables this option.
You can enable rule 123:12 to generate events for this option. See
for more information.
Minimum Fragment Size
Specifies that when a non-last fragment smaller than the configured number between 0 (unlimited)
and 255 of bytes has been detected, the packet is considered malicious. You must enable
and 255 of bytes has been detected, the packet is considered malicious. You must enable
Detect
Anomalies
to configure this option. A blank value disables this option.
You can enable rule 123:13 to generate events for this option. See
for more information.
Configuring IP Defragmentation
License:
Protection
You can use the following procedure to configure the IP defragmentation preprocessor. For more
information on the IP defragmentation preprocessor configuration options, see
information on the IP defragmentation preprocessor configuration options, see
To configure IP defragmentation:
Access:
Admin/Intrusion Admin
Step 1
Select
Policies > Intrusion > Intrusion Policy.
The Intrusion Policy page appears.
Step 2
Click the edit icon (
) next to the policy you want to edit.
If you have unsaved changes in another policy, click
OK
to discard those changes and continue. See
for information on saving unsaved changes in another
policy.
The Policy Information page appears.
Step 3
Click
Advanced Settings
in the navigation panel on the left.
The Advanced Settings page appears.
Step 4
You have two choices, depending on whether
IP Defragmentation
under
Transport/Network Layer
Preprocessors
is enabled:
•
If the configuration is enabled, click
Edit
.
•
If the configuration is disabled, click
Enabled
, then click
Edit
.