Cisco Cisco Firepower 4120 Security Appliance

Table 50: Packet-Anomaly Protection Parameters

Parameter

Description

(Read-only) The ID number for the packet-anomaly protection. The ID is a

Radware ID that appears in the trap sent to APSolute Vision Security logs.

Protection Name

(Read-only) The name of the packet-anomaly protection.

Action

The action that the device takes when the packet anomaly is detected. The action

is only for the specified packet-anomaly protection.
Values:

•

Drop—The device discards the anomalous packets and issues a trap.

•

Report—The device issues a trap for anomalous packets. If the Report
Action

is Process, the packet goes to the rest of the device modules. If

the Report Action is Bypass, the packet bypasses the rest of the

device modules.

•

No Report—The device issues no trap for anomalous packets. If the
Report Action

is Process, the packet goes to the rest of the device

modules. If the Report Action is Bypass, the packet bypasses the rest of

the device modules.

Note:

Click Drop All to set the Action for all packet-anomaly protections to

Drop

. Click Report All to set the Action for all packet-anomaly protections

to Report. Click No Report All to set the Action for all packet-anomaly

protections to No Report.

Risk

The risk associated with the trap for the specific anomaly. Values:
Info, Low, Medium, High
Default: Info

Report Action

The action that the DefensePro device takes on the anomalous packets when the

specified Action is Report or No Report. The Report Action option is only for

the specified packet-anomaly protection.
Values:

•

Bypass—The anomalous packets bypass the device.

•

Process—The DefensePro modules process the anomalous

packets. If the anomalous packets are part of an attack,

DefensePro can mitigate the attack.

Note:

You cannot select Process for the following packet-anomaly

protections:

•

104—Invalid IP Header or Total Length

•

107—Inconsistent IPv6 Headers

•

131—Invalid L4 Header Length

Page 99 of 281