When you select
Settings in the navigation panel of a network
analysis policy, the policy lists its preprocessors by type. On the Settings
page, you can enable or disable preprocessors in your network analysis policy,
as well as access preprocessor configuration pages.
A preprocessor must be enabled for you to configure it. When you
enable a preprocessor, a sublink to the configuration page for the preprocessor
appears beneath the
Settings link in the navigation panel, and an
Edit link to the configuration page appears next to
the preprocessor on the Settings page.
To revert a preprocessor’s configuration to the settings in the
base policy, click
Revert to Defaults on a preprocessor configuration
page. When prompted, confirm that you want to revert.
When you disable a preprocessor, the sublink and
Edit link no longer appear, but your configurations
are retained. Note that to perform their particular analysis, many
preprocessors and intrusion rules require that traffic first be decoded or
preprocessed in a certain way. If you disable a required preprocessor, the
system automatically uses it with its current settings, although the
preprocessor remains disabled in the network analysis policy web interface.
If you want to assess how your configuration would function in
an inline deployment without actually modifying traffic, you can disable inline
mode. In passive deployments or inline deployments in tap mode, the system
cannot affect traffic regardless of the inline mode setting.
Disabling inline mode can affect intrusion event performance
statistics graphs. With inline mode enabled in an inline deployment, the
Intrusion Event Performance page ()
displays graphs that represent normalized and blocked packets. If you disable
inline mode, or in a passive deployment, many of the graphs display data about
the traffic the system would have normalized or dropped.
In an inline deployment, Cisco recommends that you enable inline mode and configure the inline normalization preprocessor with the Normalize TCP Payload option enabled. In a passive deployment, Cisco recommends that you use adaptive profiles.