Cisco Cisco Firepower Management Center 2000
25-19
FireSIGHT System User Guide
Chapter 25 Using Application Layer Preprocessors
Decoding FTP and Telnet Traffic
If no preprocessor rule is mentioned, the option is not associated with a preprocessor rule.
Stateful Inspection
When selected, causes the FTP/Telnet decoder to save state and provide session context for
individual packets and only inspects reassembled sessions. When cleared, analyzes each individual
packet without session context.
individual packets and only inspects reassembled sessions. When cleared, analyzes each individual
packet without session context.
To check for FTP data transfers, this option must be selected.
Detect Encrypted Traffic
Detects encrypted telnet and FTP sessions.
You can enable rules 125:7 and 126:2 to generate events for this option. See
for more information.
Continue to Inspect Encrypted Data
Instructs the preprocessor to continue checking a data stream after it is encrypted, looking for
eventual decrypted data.
eventual decrypted data.
Configuring Global FTP/Telnet Options
License:
Protection
You must configure global options for the FTP/Telnet decoder to control whether stateless or stateful
inspection is performed, encrypted traffic is detected, and whether the decoder should continue to check
for decrypted data in a data stream that it has identified as encrypted. For more information on global
settings, see
inspection is performed, encrypted traffic is detected, and whether the decoder should continue to check
for decrypted data in a data stream that it has identified as encrypted. For more information on global
settings, see
.
To configure global options:
Access:
Admin/Intrusion Admin
Step 1
Select
Policies > Intrusion > Intrusion Policy.
The Intrusion Policy page appears.
Step 2
Click the edit icon (
) next to the policy you want to edit.
If you have unsaved changes in another policy, click
OK
to discard those changes and continue. See
for information on saving unsaved changes in another
policy.
The Policy Information page appears.
Step 3
Click
Advanced Settings
in the navigation panel on the left.
The Advanced Settings page appears.
Step 4
You have two choices, depending on whether
FTP and Telnet Configuration
under Application Layer
Preprocessors is enabled:
•
If the configuration is enabled, click
Edit
.
•
If the configuration is disabled, click
Enabled
, then click
Edit
.
The FTP and Telnet Configuration page appears.
A message at the bottom of the page identifies the intrusion policy layer that contains the configuration.
See
See
for more information.