Cisco Cisco FirePOWER Appliance 7115
Version 5.3
Sourcefire 3D System User Guide
905
Using Application Layer Preprocessors
Configuring the GTP Command Channel
Chapter 23
You must enable the GTP preprocessor rules in the following table if you want
them to generate events. See
on page 770 for information on
enabling rules.
You can use the following procedure to modify the ports the GTP preprocessor
monitors for GTP command messages.
To configure the GTP command channel:
A
CCESS
: Admin/Intrusion Admin
1. Select Policies > Intrusion > Intrusion Policy.
The Intrusion Policy page appears.
2. Click the edit icon (
) next to the policy you want to edit.
If you have unsaved changes in another policy, click OK to discard those
changes and continue. See
for information on saving unsaved changes in another policy.
The Policy Information page appears.
The Policy Information page appears.
3. Click Advanced Settings in the navigation panel on the left.
The Advanced Settings page appears.
4. You have two choices, depending on whether GTP Command Channel
Configuration under Application Layer Preprocessors is enabled:
•
If the configuration is enabled, click Edit.
•
If the configuration is disabled, click Enabled, then click Edit.
The GTP Command Channel Configuration page appears.
GTP Preprocessor Rules
P
REPROCESSOR
R
ULE
GID:SID
D
ESCRIPTION
143:1
Generates an event when the preprocessor detects an invalid
message length.
143:2
Generates an event when the preprocessor detects an invalid
information element length.
143:3
Generates an event when the preprocessor detects
information elements that are out of order.