In the case of TCP it is measured from the beginning of the TCP Stream. (mostly used in the STRING.TCP engine)
It takes the payloads from each packet in the TCP stream and concatenates them together and the sensor will then inspect the first bytes in the stream up till MaxInspectLength is reached.
So if the first packet has 50 bytes and the MaxInspectLength is less than 50 then only the data in the payload of this first packet in the stream will be inspected.
If, however, each packet has 5 bytes, and MaxInspectLength is set to 50. Then the payload from the the first 10 packets will be inspected until 50 bytes are inspected. The payloads from the additional packets in the stream will not be inspected.
In the case of UDP I believe it is from the beginning of the payload (STRING.UDP).
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...