Cisco Cisco FirePOWER Appliance 8140
25-29
FireSIGHT System User Guide
Chapter 25 Using Application Layer Preprocessors
Decoding FTP and Telnet Traffic
You can configure client profiles for FTP clients to monitor FTP traffic from clients. For additional
information on the options you can set for monitoring clients, see
information on the options you can set for monitoring clients, see
. For more information on telnet options, see
. For more information on additional FTP options, see
To configure client-level FTP options:
Access:
Admin/Intrusion Admin
Step 1
Select
Policies > Intrusion > Intrusion Policy.
The Intrusion Policy page appears.
Step 2
Click the edit icon (
) next to the policy you want to edit.
If you have unsaved changes in another policy, click
OK
to discard those changes and continue. See
for information on saving unsaved changes in another
policy.
The Policy Information page appears.
Step 3
Click
Advanced Settings
in the navigation panel on the left.
The Advanced Settings page appears.
Step 4
You have two choices, depending on whether
FTP and Telnet Configuration
under Application Layer
Preprocessors is enabled:
•
If the configuration is enabled, click
Edit
.
•
If the configuration is disabled, click
Enabled
, then click
Edit
.
The FTP and Telnet Configuration page appears.
Step 5
You have two options:
•
Add a new client profile. Click the add icon (
) next to
FTP Client
on the left side of the page. The
Add Target pop-up window appears. Specify one or more IP addresses for the client in the
Client
Address
field and click
OK
.
You can specify a single IP address or address block, or a comma-separated list of either or both.
You can specify up to 1024 characters, and you can configure up to 255 policies, including the
default policy. For information on using IPv4 and IPv6 address blocks in the FireSIGHT System,
see
You can specify up to 1024 characters, and you can configure up to 255 policies, including the
default policy. For information on using IPv4 and IPv6 address blocks in the FireSIGHT System,
see
A new entry appears in the list of FTP clients on the left side of the page, highlighted to indicate that
it is selected, and the Configuration section updates to reflect the current configuration for the
profile you added.
it is selected, and the Configuration section updates to reflect the current configuration for the
profile you added.
•
Modify the settings for an existing client profile. Click the configured address for a profile you have
added under
added under
FTP Client on
the left side of the page, or click
default
.
Your selection is highlighted and the Configuration section updates to display the current
configuration for the profile you selected. To delete an existing profile, click the delete icon (
configuration for the profile you selected. To delete an existing profile, click the delete icon (
)
next to the profile you want to remove.
Step 6
Optionally, you can modify any of the following under
Configuration
:
•
Optionally, modify the address or addresses listed in the
Networks
field and click any other area of
the page.
The highlighted address updates on the left side of the page.