Cisco Cisco FirePOWER Appliance 7020
26-30
FireSIGHT System User Guide
Chapter 26 Using Transport & Network Layer Preprocessors
Using TCP Stream Preprocessing
Step 5
Optionally, modify any of the options under
Global Settings
. See
for more information.
Step 6
You have two options:
•
Add a new target-based policy. Click the add icon (
) next to
Hosts
on the left side of the page. The
Add Target pop-up window appears. Specify one or more IP addresses in the
Host Address
field and
click
OK
.
You can specify a single IP address or address block. You can create a total of 255 target-based
policies including the default policy. For information on using IP address blocks in the FireSIGHT
System, see
policies including the default policy. For information on using IP address blocks in the FireSIGHT
System, see
.
A new entry appears in the list of targets on the left side of the page, highlighted to indicate that it
is selected, and the Configuration section updates to reflect the current configuration for the policy
you added.
is selected, and the Configuration section updates to reflect the current configuration for the policy
you added.
•
Modify the settings for an existing target-based policy. Click the configured address for a policy you
have added under
have added under
Hosts
on the left side of the page, or click
default
.
Your selection is highlighted and the Configuration section updates to display the current
configuration for the policy you selected. To delete an existing target-based policy, click the delete
icon (
configuration for the policy you selected. To delete an existing target-based policy, click the delete
icon (
) next to the policy you want to remove.
Step 7
Optionally, modify any of the TCP policy options under
Configuration
.
For specific instructions on modifying settings for stream reassembly based on client services, server
services, or both go to step
services, or both go to step
; otherwise, go to step
For more information, see
, and
Step 8
To modify settings for stream reassembly based on client, server, or both services, click inside the field
you want to modify or click
you want to modify or click
Edit
next to the field.
The pop-up window for the field you selected appears.
Note that you can enable adaptive profiles to monitor traffic for the stream preprocessor to reassemble
based on services discovered on your network. See
based on services discovered on your network. See
for more information.
Step 9
You have two choices:
•
To add services to monitor, select one or more services from the
Available
list on the left, then click
the right arrow (
>
) button.
•
To remove a service, select it from the
Enabled
list on the right, then click the left arrow (
<
) button.
Use Ctrl or Shift while clicking to select multiple service detectors. You can also click and drag to select
multiple adjacent service detectors.
multiple adjacent service detectors.
Step 10
Click
OK
to add the selections.
The TCP Stream Configuration page is displayed and the services are updated.
Step 11
Optionally, click
Configure Rules for TCP Stream Configuration
at the top of the page to display rules
associated with individual TCP policy options.
Click
Back
to return to the TCP Stream Configuration page.
Step 12
Optionally, modify any of the TCP stream preprocessing global or policy troubleshooting options only
if asked to do so by Support; click the
if asked to do so by Support; click the
+
sign next to
Troubleshooting options
to expand the troubleshooting
options section. For more information, see
.