Cisco ASA Series Configuration Manual page 386
Firewall cli, asa services module, and the adaptive security virtual appliance
Hide thumbs
Also See for ASA Series:
- Cli configuration manual (2164 pages) ,
- Getting started (31 pages) ,
- Mount and connect (12 pages)
Table of Contents
Advertisement
Configure Connection Settings
set connection per-client-embryonic-max n—The maximum number of simultaneous embryonic
•
connections allowed per client, between 0 and 2000000. The default is 0, which allows unlimited
connections.
Example:
hostname(config-pmap-c)# set connection embryonic-conn-max 1000
hostname(config-pmap-c)# set connection per-client-embryonic-max 50
If you are editing an existing service policy (such as the default global policy called global_policy), you
Step 4
can skip this step. Otherwise, activate the policy map on one or more interfaces.
service-policy policymap_name {global | interface interface_name}
Example:
hostname(config)# service-policy global_policy global
The global keyword applies the policy map to all interfaces, and interface applies the policy to one
interface. Only one global policy is allowed. You can override the global policy on an interface by
applying a service policy to that interface. You can only apply one policy map to each interface.
Configure threat detection statistics for attacks intercepted by TCP Intercept.
Step 5
threat-detection statistics tcp-intercept [rate-interval minutes]
[burst-rate attacks_per_sec] [average-rate attacks_per_sec]
Example:
hostname(config)# threat-detection statistics tcp-intercept
The rate-interval keyword sets the size of the history monitoring window, between 1 and 1440 minutes.
The default is 30 minutes. During this interval, the ASA samples the number of attacks 30 times.
The burst-rate keyword sets the threshold for syslog message generation, between 25 and 2147483647.
The default is 400 per second. When the burst rate is exceeded, syslog message 733104 is generated.
The average-rate keyword sets the average rate threshold for syslog message generation, between 25
and 2147483647. The default is 200 per second. When the average rate is exceeded, syslog message
733105 is generated.
Monitor the results with the following commands:
Step 6
show threat-detection statistics top tcp-intercept [all | detail]—View the top 10 protected servers
•
under attack. The all keyword shows the history data of all the traced servers. The detail keyword
shows history sampling data. The ASA samples the number of attacks 30 times during the rate
interval, so for the default 30 minute period, statistics are collected every 60 seconds.
•
clear threat-detection statistics tcp-intercept—Erases TCP Intercept statistics.
Example:
hostname(config)# show threat-detection statistics top tcp-intercept
Top 10 protected servers under attack (sorted by average rate)
Monitoring window size: 30 mins
<Rank> <Server IP:Port> <Interface> <Ave Rate> <Cur Rate> <Total> <Source IP (Last Attack
Time)>
----------------------------------------------------------------------------------
1
10.1.1.5:80 inside 1249 9503 2249245 <various> Last: 10.0.0.3 (0 secs ago)
2
10.1.1.6:80 inside 10 10 6080 10.0.0.200 (0 secs ago)
Cisco ASA Series Firewall CLI Configuration Guide
16-6
Sampling interval: 30 secs
Chapter 16
Connection Settings
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
