Cisco ASA 5505 Configuration Manual page 1089


Cisco ASA 5500 Series Configuration Guide using ASDM (OL-20339-01), page 50-11
Chapter 50
Configuring the Botnet Traffic Filter

If you do not enable this option, greylisted traffic will not be dropped if you configure a rule in the Blacklisted Traffic Actions area. See the "Botnet Traffic Filter Address Categories" section on page 50-2 for more information about the greylist.

Step 4
(Optional) To automatically drop malware traffic, perform the following steps. To manually drop traffic, see the "Blocking Botnet Traffic Manually" section on page 50-12.

a. In the Blacklisted Traffic Actions area, click Add.
   The Add Blacklisted Traffic Action dialog box appears.

b. From the Interface drop-down list, choose the interface on which you want to drop traffic. Only interfaces on which you enabled Botnet Traffic Filter traffic classification are available.

c. In the Threat Level area, choose one of the following options to drop traffic at specific threat levels. The default level is a range between Moderate and Very High.

   Note
   We highly recommend using the default setting unless you have strong reasons for changing the setting.

   Value—Specify the threat level you want to drop:
      Very Low
      Low
      Moderate
      High
      Very High

   Note
   Static blacklist entries are always designated with a Very High threat level.

   Range—Specify a range of threat levels.

d. In the ACL Used area, from the ACL Used drop-down list choose either --ALL TRAFFIC-- (the default), or any access list configured on the adaptive security appliance.

   Note
   Be sure the access list is a subset of the traffic you specified in the Traffic Classification area.

   To add or edit access lists, click Manage to bring up the ACL Manager. See Chapter 15, "Using the ACL Manager," for more information.

e. Click OK.
   You return to the Traffic Settings pane.

f. If you want to apply additional rules to a given interface, repeat steps a through e.
   Make sure you do not specify overlapping traffic in multiple rules for a given interface. Because you cannot control the exact order that rules are matched, overlapping traffic means you do not know which command will be matched. For example, do not specify both a rule that matches --ALL TRAFFIC-- as well as a command with an access list for a given interface. In this case, the traffic might never match the command with the access list. Similarly, if you specify multiple commands with access lists, make sure each access list is unique, and that the networks do not overlap.
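
The overlap warning in step f can be checked offline against a saved configuration. The following is an added example, not part of the Cisco guide: it assumes the drop rules appear in the running configuration as `dynamic-filter drop blacklist` lines (the CLI form, which this ASDM page does not show), and the interface names, ACL names and sample configuration are constructed.

```python
import ipaddress
import re
from collections import defaultdict
from itertools import combinations

# Constructed sample configuration (not from a real device). Interface and
# ACL names are hypothetical.
SAMPLE_CONFIG = """\
access-list BTF-WEB extended permit tcp 10.1.0.0 255.255.0.0 any eq www
access-list BTF-LAB extended permit ip 10.1.5.0 255.255.255.0 any
access-list BTF-DMZ extended permit ip 192.168.7.0 255.255.255.0 any
dynamic-filter drop blacklist interface outside action-classify-list BTF-WEB
dynamic-filter drop blacklist interface outside action-classify-list BTF-LAB threat-level eq very-high
dynamic-filter drop blacklist interface dmz
dynamic-filter drop blacklist interface dmz action-classify-list BTF-DMZ threat-level range high very-high
dynamic-filter drop blacklist interface inside action-classify-list BTF-DMZ
"""

RULE = re.compile(r"^dynamic-filter drop blacklist interface (\S+)"
                  r"(?: action-classify-list (\S+))?")
ACE = re.compile(r"^access-list (\S+) extended permit \S+ (any|host \S+|\S+ \S+)")

def source_net(spec):
    """Convert an ACE source field (any | host A | NET MASK) to a network."""
    if spec == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    first, second = spec.split()
    if first == "host":
        return ipaddress.ip_network(second + "/32")
    return ipaddress.ip_network(f"{first}/{second}")

def find_overlaps(config):
    """Return (interface, rule_a, rule_b, reason) for each overlapping pair."""
    acls, rules = defaultdict(list), defaultdict(list)
    for line in config.splitlines():
        if m := ACE.match(line):
            acls[m.group(1)].append(source_net(m.group(2)))
        elif m := RULE.match(line):
            rules[m.group(1)].append(m.group(2) or "--ALL TRAFFIC--")
    findings = []
    for iface, used in rules.items():
        for a, b in combinations(used, 2):
            if "--ALL TRAFFIC--" in (a, b):
                findings.append((iface, a, b, "all-traffic rule overlaps every ACL rule"))
            # Simplification: only source networks are compared, so this may
            # flag ACLs that differ in protocol, destination or port.
            elif a == b or any(x.overlaps(y) for x in acls[a] for y in acls[b]):
                findings.append((iface, a, b, "access lists are not disjoint"))
    return findings
```

Calling `find_overlaps(SAMPLE_CONFIG)` reports the `outside` pair (a /24 inside a /16) and the `dmz` pair (an all-traffic rule beside an ACL rule); the single rule on `inside` is not flagged.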


This manual is also suitable for:

ASA 5510, ASA 5540, ASA 5520, ASA 5550, ASA 5580
