This post covers the Prefilter option in FirePower.
In simple words:
Prefilter is the first stage when a connection starts to establish. Using Fastpath, we can skip the Snort engine, which contains many policies such as SSL policy, AMP policy, etc. Another feature is checking the outer header for tunnel protocols such as GRE.
LAB Overview:
We run a GRE tunnel between R1 and R3 with OSPF, and the tunnel is up. The FTD is configured in the middle with the default action IPS (logging enabled).
Can we see any information about the Packets?
You will see the inner header via ACP logs ONLY, which is the tunnel IP addresses 172.16.1.1 and 172.16.1.3.
What about the outer header?
With the prefilter option, use the ANALYZE option and you can see the outer header of the packet.
NOTE:
The logging option is disabled when the ANALYZE option has been checked.
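To make the outer/inner distinction concrete, here is an added example (not part of the original lab or of any Cisco tooling) that parses an IPv4-in-GRE packet and returns both headers. The inner addresses are the tunnel addresses from the lab; the outer addresses 192.0.2.1 and 192.0.2.3 and the inner protocol are constructed values, since the page does not give them.

```python
import socket
import struct

GRE_PROTO = 47            # IP protocol number for GRE
ETHERTYPE_IPV4 = 0x0800   # GRE protocol type for an IPv4 payload

def ipv4_header(src, dst, proto, payload_len):
    """Build a minimal 20-byte IPv4 header (checksum left at 0 for this sample)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def parse_ipv4(buf):
    """Return (header fields, payload) for an IPv4 packet."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (buf[0] & 0x0F) * 4
    if ihl < 20 or len(buf) < ihl:
        raise ValueError("bad IPv4 header length")
    return {"src": socket.inet_ntoa(buf[12:16]),
            "dst": socket.inet_ntoa(buf[16:20]), "proto": buf[9]}, buf[ihl:]

def parse_gre(buf):
    """Return (protocol type, payload), skipping optional fields (RFC 2784/2890)."""
    if len(buf) < 4:
        raise ValueError("truncated GRE header")
    flags, ptype = struct.unpack("!HH", buf[:4])
    if flags & 0x0007:
        raise ValueError("unsupported GRE version")
    # Checksum, key and sequence number each add 4 bytes when their flag is set.
    offset = 4 + 4 * sum(1 for bit in (0x8000, 0x2000, 0x1000) if flags & bit)
    return ptype, buf[offset:]

def outer_and_inner(packet):
    """Return (outer header, inner header), inner is None if not IPv4-in-GRE."""
    outer, rest = parse_ipv4(packet)
    if outer["proto"] != GRE_PROTO:
        return outer, None
    ptype, payload = parse_gre(rest)
    if ptype != ETHERTYPE_IPV4:
        return outer, None
    return outer, parse_ipv4(payload)[0]

# Constructed sample: outer 192.0.2.1 -> 192.0.2.3 (assumed router addresses),
# inner 172.16.1.1 -> 172.16.1.3 (tunnel addresses from the lab), inner proto 1.
INNER = ipv4_header("172.16.1.1", "172.16.1.3", 1, 0)
GRE = struct.pack("!HH", 0, ETHERTYPE_IPV4)
SAMPLE = ipv4_header("192.0.2.1", "192.0.2.3", GRE_PROTO,
                     len(GRE) + len(INNER)) + GRE + INNER
```

Calling `outer_and_inner(SAMPLE)` returns the outer header (the part the prefilter rule matches on) first and the inner header (the part shown in the ACP logs) second.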
Then call it from the ACP.
Result
I hope this helps.
Regards
Abdulfattah