Cisco Cisco FirePOWER Appliance 7115

Version 5.3

Sourcefire 3D System User Guide

905

Using Application Layer Preprocessors

Configuring the GTP Command Channel

Chapter 23

You must enable the GTP preprocessor rules in the following table if you want 

them to generate events. See 

 on page 770 for information on 

enabling rules.

You can use the following procedure to modify the ports the GTP preprocessor 

monitors for GTP command messages.

To configure the GTP command channel:

: Admin/Intrusion Admin

1. Select Policies > Intrusion > Intrusion Policy.

The Intrusion Policy page appears.

2. Click the edit icon (

) next to the policy you want to edit.

If you have unsaved changes in another policy, click OK to discard those 

changes and continue. See 

 on page 725 

for information on saving unsaved changes in another policy.
The Policy Information page appears.

3. Click Advanced Settings in the navigation panel on the left.

The Advanced Settings page appears.

4. You have two choices, depending on whether GTP Command Channel 

Configuration under Application Layer Preprocessors is enabled:

If the configuration is enabled, click Edit.

If the configuration is disabled, click Enabled, then click Edit.

The GTP Command Channel Configuration page appears.

GTP Preprocessor Rules 

143:1

Generates an event when the preprocessor detects an invalid 

message length.

143:2

Generates an event when the preprocessor detects an invalid 

information element length.

143:3

Generates an event when the preprocessor detects 

information elements that are out of order.