Cisco FirePOWER Appliance 7050
FireSIGHT System User Guide, page 26-6

Chapter 26      Using Transport & Network Layer Preprocessors
  Normalizing Inline Traffic
  • clears the 3-bit Reserved field in the TCP header
  • clears the 16-bit Urgent Pointer field if the urgent (URG) control bit is not set
  • clears the Urgent Pointer field and the URG control bit if there is no payload
  • clears the URG control bit if the Urgent Pointer field is not set
  • clears any option padding bytes
  • blocks a subsequent SYN that does not have the same sequence number as the original SYN
Dropped TCP Packets
When you enable Normalize TCP, the system drops the following without generating an event:
  • retransmitted copies of previously dropped packets
  • traffic that attempts to continue a previously dropped session
  • any packet that matches any of the TCP stream preprocessor rules listed in Table 26-1, regardless of whether the rules are enabled
The Blocked Packets performance graph tracks the number of packets dropped as a result of this option being enabled. See … for more information.
Automatically Allowed TCP Options
When you enable Normalize TCP and do not specify any for Allow These TCP Options, the system performs the following normalizations:
  • except for MSS, Window Scale, Time Stamp, and any explicitly allowed options, sets all option bytes to No Operation (TCP Option 1)
  • sets the Time Stamp octets to No Operation if Time Stamp is present but invalid, or valid but not negotiated
  • drops the packet if Time Stamp is negotiated but not present
  • clears the Time Stamp Echo Reply (TSecr) option field if the Acknowledgement (ACK) control bit is not set
  • sets the MSS and Window Scale options to No Operation (TCP Option 1) if the Synchronization (SYN) control bit is not set
See … for more information.
Normalizations Associated with Specific TCP Options
The system performs the following optional normalizations when you enable Normalize TCP and select the corresponding option:
  • enabling the Normalize Urgent Pointer option sets the two-byte Urgent Pointer header field to the payload length if the pointer is greater than the payload length
  • enabling the Normalize TCP Payload option normalizes the TCP Data field to ensure consistency in retransmitted data and drops any segments that cannot be properly reassembled
Table 26-1      These preprocessor rules drop packets when Normalize TCP is enabled...
129:1, 129:3, 129:4, 129:6, 129:8, 129:11, 129:14 through 129:19
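To make the header-level rules above concrete (Reserved field, Urgent Pointer and URG bit, option padding, MSS/Window Scale on non-SYN segments, TSecr without ACK, and the Normalize Urgent Pointer option), here is an added, stateless reimplementation of them over raw TCP header bytes. It is illustration code, not Cisco or Snort code; the `allowed` and `urgent_ptr` parameters are assumed stand-ins for the Allow These TCP Options and Normalize Urgent Pointer settings, and the stream-state rules (Time Stamp negotiation, retransmissions of dropped packets) are left out.

```python
import struct

# Added illustration, not Cisco or Snort code: a simplified, stateless reimplementation of
# the Normalize TCP header rules described on this page. Stream-state checks (whether Time
# Stamp was negotiated, retransmissions of dropped packets) are deliberately left out.
EOL, NOP, MSS, WSCALE, TIMESTAMP = 0, 1, 2, 3, 8
SYN, ACK, URG = 0x02, 0x10, 0x20

def normalize_tcp(hdr: bytes, payload_len: int, allowed=(), urgent_ptr=True) -> bytes:
    """Return a normalized copy of raw TCP header bytes `hdr` (no IP header).
    `allowed`: extra option kinds to keep; `urgent_ptr`: Normalize Urgent Pointer on/off."""
    sport, dport, seq, ack, off, flags, win, csum, urg = struct.unpack("!HHIIBBHHH", hdr[:20])
    data_off = (off >> 4) * 4
    off &= 0xF1                                   # clear the 3-bit Reserved field
    if not flags & URG:                           # URG not set: the pointer is meaningless
        urg = 0
    if payload_len == 0:                          # no payload: clear pointer and URG bit
        urg, flags = 0, flags & ~URG
    if urg == 0:                                  # pointer not set: clear the URG bit
        flags &= ~URG
    elif urgent_ptr and urg > payload_len:        # Normalize Urgent Pointer option
        urg = payload_len
    opts = bytearray(hdr[20:data_off])
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == EOL:                           # bytes after EOL are padding: clear them
            opts[i + 1:] = bytes(len(opts) - i - 1)
            break
        if kind == NOP:
            i += 1
            continue
        length = opts[i + 1] if i + 1 < len(opts) else 0
        if length < 2 or i + length > len(opts):  # malformed option: NOP out the remainder
            opts[i:] = bytes([NOP]) * (len(opts) - i)
            break
        keep = kind in allowed
        if kind in (MSS, WSCALE):                 # only meaningful on SYN segments
            keep = bool(flags & SYN)
        elif kind == TIMESTAMP:                   # valid only with length 10
            keep = length == 10
            if keep and not flags & ACK:          # ACK not set: clear the TSecr field
                opts[i + 6:i + 10] = bytes(4)
        if not keep:
            opts[i:i + length] = bytes([NOP]) * length
        i += length
    head = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, off, flags, win, csum, urg)
    return head + bytes(opts)  # checksum is left for the caller to recompute over the pseudo-header
```

Feed it a constructed header with Reserved bits set, an over-long urgent pointer and unsupported options to see every field the rules touch change in one pass.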