Chapter 7 Application Security
Cisco Router and Security Device Manager Version 2.2 User's Guide, OL-4015-08, 7-29

Global Timeouts and Thresholds

Maximum incomplete session thresholds. These fields let you specify the threshold values for the total number of existing half-open sessions.

Low
Stop deleting new connections after the number of new connections drops below this value. The default value is 400 sessions.

High
Start deleting new connections when the number of new connections exceeds this value. The default value is 500 sessions.

TCP Maximum Incomplete Sessions per Host
The router starts deleting half-open sessions for the same host when the total number for that host exceeds this number. The default number of sessions is 50. If you check the Blocking Time field and enter a value, the router will continue to block new connections to that host for the number of minutes that you specify.

Enable audit globally
Check this box if you want to turn on CBAC audit trail messages for all types of traffic.

Enable alert globally
Check this box if you want to turn on CBAC alert messages for all types of traffic.

Associate Policy with an Interface

In this window, select the interface to which you want to apply the selected policy. Also specify whether the policy is to apply to incoming traffic, to outgoing traffic, or to traffic in both directions.

For example, if the router had FastEthernet 0/0 and FastEthernet 0/1 interfaces, and you wanted to apply the policy to the FastEthernet 0/1 interface, on traffic flowing in both directions, you would check the box next to FastEthernet 0/1, and check the boxes in both the Incoming column and the Outgoing column. To have only incoming traffic inspected, you would only check the box in the Incoming column.
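As an added example, not part of the SDM guide, the following Python check parses the IOS "ip inspect" commands that correspond to the fields above (global thresholds, audit trail, alerts, and per-interface policy bindings) and reports the settings a reviewer would question. The sample configuration and the policy name SDM_LOW are constructed; absent commands are assumed to keep the defaults the page lists.

```python
import re

# Constructed sample of the IOS commands behind the SDM fields on this page
# (hypothetical values chosen to match the page's stated defaults).
SAMPLE_CONFIG = """\
ip inspect audit-trail
ip inspect max-incomplete low 400
ip inspect max-incomplete high 500
ip inspect tcp max-incomplete host 50 block-time 0
ip inspect name SDM_LOW tcp
interface FastEthernet0/1
 ip inspect SDM_LOW in
 ip inspect SDM_LOW out
"""

def parse_inspect(config):
    """Collect CBAC global settings and per-interface policy bindings.
    Commands that are absent keep the IOS defaults quoted on this page."""
    s = {"low": 400, "high": 500, "host": 50, "block_time": 0,
         "audit_trail": False, "alert": True, "policies": set(), "bindings": {}}
    iface = None
    for line in config.splitlines():
        if not line.startswith(" "):
            iface = None  # left the interface stanza
        if m := re.match(r"interface (\S+)", line):
            iface = m.group(1)
        elif m := re.match(r"ip inspect max-incomplete (low|high) (\d+)", line):
            s[m.group(1)] = int(m.group(2))
        elif m := re.match(r"ip inspect tcp max-incomplete host (\d+)(?: block-time (\d+))?", line):
            s["host"], s["block_time"] = int(m.group(1)), int(m.group(2) or 0)
        elif line == "ip inspect audit-trail":
            s["audit_trail"] = True
        elif line == "ip inspect alert-off":
            s["alert"] = False
        elif m := re.match(r"ip inspect name (\S+)", line):
            s["policies"].add(m.group(1))
        elif iface and (m := re.match(r"\s+ip inspect (\S+) (in|out)", line)):
            s["bindings"].setdefault(iface, {}).setdefault(m.group(1), set()).add(m.group(2))
    return s

def check_inspect(s):
    """Return the findings a configuration review would raise."""
    findings = []
    if s["low"] >= s["high"]:
        findings.append("max-incomplete low must be below high")
    if not s["audit_trail"]:
        findings.append("audit trail disabled: no CBAC session logging")
    if not s["alert"]:
        findings.append("alerts disabled: CBAC alert messages suppressed")
    for iface, names in s["bindings"].items():
        for name in names:
            if name not in s["policies"]:
                findings.append(f"{iface}: policy {name} applied but never defined")
    return findings
```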