Checksum Verification Options

You can set any of the following options to Enabled or Disabled in a passive or inline deployment, or to Drop in an inline deployment:

  • ICMP Checksums

  • IP Checksums

  • TCP Checksums

  • UDP Checksums

To drop offending packets, in addition to setting an option to Drop you must also enable Inline Mode in the associated network analysis policy and ensure that the device is deployed inline.

Setting these options to Drop in a passive deployment, or in an inline deployment in tap mode, is the same as setting them to Enabled.

Attention

Under TCP checksums, the Ignore option (which is the default) bypasses or ignores any configured Snort rules.

The default for all checksum verification options is Enabled. However, threat defense routed and transparent interfaces always drop packets that fail IP checksum verification. Note that the threat defense routed and transparent interfaces fix UDP packets with a bad checksum before passing the packets to the Snort process.