Normalizer Inspector Overview
Type |
Inspector (packet) |
Usage |
Context |
Instance Type |
Network |
Other Inspectors Required |
None |
Enabled |
|
The normalizer
inspector detects and removes protocol anomalies in packets.
The normalizer
inspector can minimize the chances of attackers creating packets
to evade detection in inline deployments.
Note |
Before your send traffic from your network, you must deploy relevant configurations to managed devices using routed, switched, or transparent interfaces, or inline interface pairs. |
You can specify the normalization of any combination of IPv4, IPv6, ICMPv4,
ICMPv6, and TCP protocols in packets. The normalizer
inspector conducts per-packet normalizations and
handles most normalizations. The stream_tcp
inspector handles TCP state-related packet
and stream normalizations, including TCP payload normalization.
Inline normalization takes place immediately after decoding and before processing by other inspectors. Normalization proceeds from the inner to outer packet layers.
The normalizer
inspector does not generate events. The normalizer
inspector prepares packets for use by other inspectors and in inline deployments.
The inspector helps ensure that the packets the system processes are the same as the packets received by the hosts on your
network.