Cisco ASA 5505 Configuration Manual page 1104

Asa 5500 series

Cisco ASA 5500 Series Configuration Guide using ASDM (OL-20339-01), Chapter 51, Configuring Threat Detection, page 51-10

Configuring Scanning Threat Detection

Default Settings

Table 51-4 lists the default rate limits for scanning threat detection.

Table 51-4 Default Rate Limits for Scanning Threat Detection

Average Rate                               Burst Rate
5 drops/sec over the last 600 seconds.     10 drops/sec over the last 10 second period.
5 drops/sec over the last 3600 seconds.    10 drops/sec over the last 60 second period.

The burst rate is calculated as the average rate every N seconds, where N is the burst rate interval. The
burst rate interval is 1/60th of the rate interval or 10 seconds, whichever is larger.

Configuring Scanning Threat Detection

Detailed Steps

Step 1  Choose the Configuration > Firewall > Threat Detection pane, and check the Enable Scanning
        Threat Detection check box.
Step 2  (Optional) To automatically terminate a host connection when the adaptive security appliance identifies
        the host as an attacker, check the Shun Hosts detected by scanning threat check box.
Step 3  (Optional) To except host IP addresses from being shunned, enter an address in the Networks excluded
        from shun field.
        You can enter multiple addresses or subnets separated by commas. To choose a network from the list of
        IP address objects, click the ... button.
Step 4  (Optional) To set the duration of a shun for an attacking host, check the Set Shun Duration check box
        and enter a value between 10 and 2592000 seconds. The default length is 3600 seconds (1 hour). To
        restore the default value, click Set Default.
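
How the two rows of Table 51-4 respond to different scan shapes, as an added example that is not from the Cisco guide: a simplified Python model (not ASA code) that derives the burst rate interval by the rule stated under Default Settings and checks per-second drop histories against the default limits. The function names, the constructed sample histories and the strict greater-than comparison are assumptions.

```python
# Simplified model of the Table 51-4 default limits; this is not ASA code.
# Assumption: a limit counts as exceeded when the measured rate is strictly greater.

DEFAULT_LIMITS = [  # (rate_interval_s, average_limit, burst_limit) from Table 51-4
    (600, 5, 10),
    (3600, 5, 10),
]


def burst_interval(rate_interval_s):
    """Burst rate interval: 1/60th of the rate interval or 10 s, whichever is larger."""
    return max(rate_interval_s // 60, 10)


def rate(drops_per_second, window_s):
    """Mean drops/sec over the most recent window_s seconds.

    A history shorter than the window is treated as preceded by zero drops.
    """
    return sum(drops_per_second[-window_s:]) / window_s


def evaluate(drops_per_second, limits=DEFAULT_LIMITS):
    """Return one result per table row for a per-second drop history (oldest first)."""
    results = []
    for interval, avg_limit, burst_limit in limits:
        n = burst_interval(interval)
        avg = rate(drops_per_second, interval)
        burst = rate(drops_per_second, n)
        results.append({
            "rate_interval": interval,
            "burst_interval": n,
            "average_rate": avg,
            "burst_rate": burst,
            "average_exceeded": avg > avg_limit,
            "burst_exceeded": burst > burst_limit,
        })
    return results


# Constructed sample histories: drops per second, one entry per second.
FAST_SWEEP = [0] * 3590 + [15] * 10   # 10-second sweep at 15 drops/sec
SLOW_SCAN = [0] * 3000 + [6] * 600    # 10 minutes at a steady 6 drops/sec

if __name__ == "__main__":
    for name, history in (("fast sweep", FAST_SWEEP), ("slow scan", SLOW_SCAN)):
        for row in evaluate(history):
            print(name, row)
```

In this model the 10-second sweep exceeds only the burst limit of the 600-second row, and the steady 6 drops/sec exceeds only that row's average limit; neither history exceeds the 3600-second row.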
