Cisco Cisco FirePOWER Appliance 7115
Version 5.3
Sourcefire 3D System User Guide
897
Using Application Layer Preprocessors
Using the Sun RPC Preprocessor
Chapter 23
To configure the Sun RPC preprocessor:
A
CCESS
: Admin/Intrusion Admin
1. Select Policies > Intrusion > Intrusion Policy.
The Intrusion Policy page appears.
2. Click the edit icon (
) next to the policy you want to edit.
If you have unsaved changes in another policy, click OK to discard those
changes and continue. See
for information on saving unsaved changes in another policy.
The Policy Information page appears.
The Policy Information page appears.
3. Click Advanced Settings in the navigation panel on the left.
The Advanced Settings page appears.
4. You have two choices, depending on whether Sun RPC Configuration under
Application Layer Preprocessors is enabled:
•
If the configuration is enabled, click Edit.
•
If the configuration is disabled, click Enabled, then click Edit.
The Sun RPC Configuration page appears.
A message at the bottom of the page identifies the intrusion policy layer that
page 818 for more information.
5. In the Ports field, type the port numbers where you want to decode RPC
traffic. Separate multiple ports with commas.
6. You can select or clear any of the following detection options on the Sun RPC
Configuration page:
•
Detect fragmented RPC records
•
Detect multiple records in one packet
•
Detect fragmented record sums which exceed one packet
•
Detect single fragment records which exceed the size of one packet