B-39
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Appendix B Signature Engines
Normalizer Engine
fragments and puts packets in the right order for the TCP stream. The Normalizer does not do any of the
normalization that is done on an inline IPS appliance, because that causes problems in the way the ASA
handles the packets.
The following Normalizer engine signatures are not supported:
• 1300.0
• 1304.0
• 1305.0
• 1307.0
• 1308.0
• 1309.0
• 1311.0
• 1315.0
• 1316.0
• 1317.0
• 1330.0
• 1330.1
• 1330.2
• 1330.9
• 1330.10
• 1330.12
• 1330.14
• 1330.15
• 1330.16
• 1330.17
• 1330.18
Table B-17 lists the parameters that are specific to the Normalizer engine.
Table B-17 Normalizer Engine Parameters
Parameter Description
edit-default-sigs-only Editable signatures.
specify-fragment-reassembly-timeout (Optional) Enables fragment reassembly timeout.
specify-hijack-max-old-ack (Optional) Enables hijack-max-old-ack.
specify-max-dgram-size (Optional) Enables maximum datagram size.
specify-max-fragments (Optional) Enables maximum fragments:
• max-fragments—Lets you specify the number of
maximum fragments.
specify-max-fragments-per-dgram (Optional) Enables maximum fragments per datagram.
specify-max-last-fragments (Optional) Enables maximum last fragments.
specify-max-partial-dgrams (Optional) Enables maximum partial datagrams.