Cisco ASA 5505 Configuration Manual page 1085

Cisco ASA 5500 Series Configuration Guide using ASDM (OL-20339-01), page 50-7

Chapter 50   Configuring the Botnet Traffic Filter

Step 4   Enable traffic classification and actions for the Botnet Traffic Filter. See the "Enabling Traffic Classification and Actions for the Botnet Traffic Filter" section on page 50-10.

This procedure enables the Botnet Traffic Filter, which compares the source and destination IP address in each initial connection packet to the IP addresses in the dynamic database, static database, DNS reverse lookup cache, and DNS host cache, and sends a syslog message or drops any matching traffic.

Step 5   (Optional) Block traffic manually based on syslog message information. See the "Blocking Botnet Traffic Manually" section on page 50-12.

If you choose not to block malware traffic automatically, you can block traffic manually by configuring an access rule to deny traffic, or by using the shun command in the Command Line Interface tool to block all traffic to and from a host.

Configuring the Dynamic Database

This procedure enables database updates, and also enables use of the downloaded dynamic database by the adaptive security appliance. Disabling use of the downloaded database is useful in multiple context mode so you can configure use of the database on a per-context basis.

By default, downloading and using the dynamic database is disabled.

Prerequisites

Enable adaptive security appliance use of a DNS server in the Device Management > DNS > DNS Client > DNS Lookup area. In multiple context mode, enable DNS per context.

Detailed Steps

Step 1   Enable downloading of the dynamic database.

  - In Single mode, choose the Configuration > Firewall > Botnet Traffic Filter > Botnet Database pane, then check the Enable Botnet Updater Client check box.
  - In multiple context mode in the System execution space, choose the Configuration > Device Management > Botnet Database pane, then check the Enable Botnet Updater Client check box.

This setting enables downloading of the dynamic database from the Cisco update server. In multiple context mode, enter this command in the system execution space. If you do not have a database already installed on the adaptive security appliance, it downloads the database after approximately 2 minutes. The update server determines how often the adaptive security appliance polls the server for future updates, typically every hour.

Step 2   (Multiple context mode only) In multiple context mode, click Apply. Then change to the context where you want to configure the Botnet Traffic Filter by double-clicking the context name in the Device List.

Step 3   In the Configuration > Firewall > Botnet Traffic Filter > Botnet Database > Dynamic Database Configuration area, check the Use Botnet data dynamically downloaded from updater server check box.

Step 4   Click Apply.

Step 5   (Optional) If you want to later remove the database from running memory, perform the following steps:

  a. Disable use of the database by unchecking the Use Botnet data dynamically downloaded from updater server check box.
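For the manual blocking option described earlier on this page (an access rule or the shun command, chosen from syslog message information), the following added example, which is not from the Cisco guide, tallies blacklisted addresses from Botnet Traffic Filter syslog lines and drafts shun commands for review. The sample lines are constructed and their layout is an assumption modelled on ASA 338xxx messages; the protected networks and the function name triage are hypothetical.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample lines. Their layout is an assumption modelled on ASA
# Botnet Traffic Filter (338xxx) syslog messages; adapt PATTERN to real logs.
SAMPLE_LOG = """\
%ASA-4-338002: Dynamic filter permitted black listed TCP traffic from inside:10.1.1.45/6798 (10.1.1.45/6798) to outside:203.0.113.9/80 (203.0.113.9/80), destination 203.0.113.9 resolved from dynamic list: bad.example.com
%ASA-4-338002: Dynamic filter permitted black listed TCP traffic from inside:10.1.1.46/6112 (10.1.1.46/6112) to outside:203.0.113.9/80 (203.0.113.9/80), destination 203.0.113.9 resolved from dynamic list: bad.example.com
%ASA-4-338001: Dynamic filter permitted black listed TCP traffic from outside:198.51.100.7/4431 (198.51.100.7/4431) to inside:10.1.1.5/25 (10.1.1.5/25), source 198.51.100.7 resolved from local list: worse.example.net
%ASA-6-302013: Built outbound TCP connection 1 for outside:192.0.2.1/80 to inside:10.1.1.45/6799
%ASA-4-338002: Dynamic filter permitted black listed UDP traffic from inside:10.1.1.45/53 (10.1.1.45/53) to outside:10.9.9.9/53 (10.9.9.9/53), destination 10.9.9.9 resolved from local list: typo.example.org
"""
PATTERN = re.compile(
    r"%ASA-\d-338\d{3}: .*? from [^:\s]+:(?P<src>[\d.]+)/\d+ .*? to [^:\s]+:(?P<dst>[\d.]+)/\d+ .*?"
    r"(?P<side>source|destination) (?:malicious address )?(?P<bad>[\d.]+) resolved from \w+ list"
)
# Hypothetical policy: own address space that must never be shunned.
PROTECTED = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def triage(log_text, min_hits=1):
    """Return (report, skipped): per blacklisted address, its hit count, the
    internal peers seen talking to it and a shun command to review."""
    hits, peers, skipped = Counter(), defaultdict(set), set()
    for line in log_text.splitlines():
        m = PATTERN.search(line)
        if not m:
            continue  # not a Botnet Traffic Filter message
        try:
            bad = ipaddress.ip_address(m["bad"])
        except ValueError:
            continue  # malformed address field
        if any(bad in net for net in PROTECTED):
            skipped.add(str(bad))  # shunning this would cut off our own hosts
            continue
        hits[str(bad)] += 1
        # The peer is the other end of the flow: the host to investigate.
        peers[str(bad)].add(m["src"] if m["side"] == "destination" else m["dst"])
    report = {
        ip: {"hits": n, "peers": sorted(peers[ip]), "command": f"shun {ip}"}
        for ip, n in sorted(hits.items()) if n >= min_hits
    }
    return report, sorted(skipped)

if __name__ == "__main__":
    report, skipped = triage(SAMPLE_LOG)
    for ip, info in report.items():
        print(f"{info['command']:<22} hits={info['hits']} peers={info['peers']}")
    print("left out (protected):", skipped)
```

The peers list names the internal hosts to investigate for each blacklisted address, and raising min_hits filters out one-off matches before any command is entered.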


This manual is also suitable for: ASA 5510, ASA 5540, ASA 5520, ASA 5550, ASA 5580
