Cisco Firepower Management Center 2000 Troubleshooting Guide

Contents
Introduction
Prerequisites
Requirements
Components Used
Background Information
Enable Inline Normalization
Enable Inline Normalization in Versions 5.4 and Later
Enable Inline Normalization in Versions 5.3 and Earlier
Enable Post-ACK Inspection and Pre-ACK Inspection
Understand Post-ACK Inspection (Normalize TCP/Normalize TCP Payload Disabled)
Understand Pre-ACK Inspection (Normalize TCP/Normalize TCP Payload Enabled)
Introduction
This document describes how to enable the inline normalization preprocessor and explains the
difference between, and the impact of, two advanced options of inline normalization.
Prerequisites
Requirements
Cisco recommends that you have knowledge of the Cisco Firepower system and Snort.
Components Used
The information in this document is based on the Cisco FireSIGHT Management Center and
Firepower appliances.
The information in this document was created from the devices in a specific lab environment. All of
the devices used in this document started with a cleared (default) configuration. If your network is
live, make sure that you understand the potential impact of any command.
Background Information
The inline normalization preprocessor normalizes traffic in order to minimize the chance that an
attacker can evade detection in inline deployments. Normalization occurs immediately after
packet decoding and before any other preprocessors, and proceeds from the inner layers of the
packet outward. Inline normalization does not generate events, but it prepares packets for use by
other preprocessors.
When you apply an intrusion policy with the inline normalization preprocessor enabled, the
Firepower device tests these two conditions in order to ensure that you use an inline deployment: