Cisco Cisco FirePOWER Appliance 7115
Version 5.3
Sourcefire 3D System User Guide
872
Using Application Layer Preprocessors
Decoding FTP and Telnet Traffic
Chapter 23
•
To improve performance on FTP data transfers by disabling all
inspection other than state inspection on the data transfer channel,
enable Ignore FTP Transfers.
IMPORTANT!
To inspect data transfers, the global FTP/Telnet Stateful
Inspection option must be selected. For more information on setting global
options, see
•
To detect when telnet commands are used over the FTP command
channel, select Detect Telnet Escape Codes within FTP Commands.
•
To ignore telnet character and line erase commands when normalizing
FTP traffic, enable Ignore Erase Commands during Normalization.
7. Optionally, click Configure Rules for FTP and Telnet Configuration at the top of the
page to display rules associated with individual options.
Click Back to return to the FTP and Telnet Configuration page.
Click Back to return to the FTP and Telnet Configuration page.
8. Optionally, modify the related troubleshooting option only if asked to do so by
Sourcefire Support; click the + sign next to Troubleshooting Options to expand
the troubleshooting options section. See
on page 816 for more information.
9. Save your policy, continue editing, discard your changes, revert to the default
configuration settings in the base policy, or exit while leaving your changes in
the system cache. See the
page 722 for more information.
Understanding Client-Level FTP Options
L
ICENSE
: Protection
You can create profiles for FTP clients. Within each profile, you can specify the
maximum response length for an FTP response from a client. You can also
configure whether the decoder detects bounce attacks and use of telnet
commands on the FTP command channel for a particular client.
If no preprocessor rule is mentioned, the option is not associated with a
If no preprocessor rule is mentioned, the option is not associated with a
preprocessor rule.
Networks
Use this option to specify one or more IP addresses of FTP clients.
You can specify a single IP address or address block, or a comma-separated
You can specify a single IP address or address block, or a comma-separated
list comprised of either or both. You can specify up to 1024 characters, and
you can specify up to 255 profiles including the default profile. For information
on using IPv4 and IPv6 address blocks in the Sourcefire 3D System, see