Configuring basic threat detection statistics – Cisco ASA 5505 User Manual

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 56 Configuring Threat Detection

Configuring Basic Threat Detection Statistics

This section describes how to configure basic threat detection statistics, including enabling or disabling
it and changing the default limits.

Table 56-1 Basic Threat Detection Default Settings (continued)

| Packet Drop Reason | Trigger Settings: Average Rate | Trigger Settings: Burst Rate |
|---|---|---|
| Denial by access lists | 400 drops/sec over the last 600 seconds. | 800 drops/sec over the last 20 second period. |
| | 320 drops/sec over the last 3600 seconds. | 640 drops/sec over the last 120 second period. |
| Basic firewall checks failed; Packets failed application inspection | 400 drops/sec over the last 600 seconds. | 1600 drops/sec over the last 20 second period. |
| | 320 drops/sec over the last 3600 seconds. | 1280 drops/sec over the last 120 second period. |
| Interface overload | 2000 drops/sec over the last 600 seconds. | 8000 drops/sec over the last 20 second period. |
| | 1600 drops/sec over the last 3600 seconds. | 6400 drops/sec over the last 120 second period. |

Detailed Steps

Step 1

Command:
threat-detection basic-threat

Example:
hostname(config)# threat-detection basic-threat

Purpose:
Enables basic threat detection statistics (if you previously disabled it). Basic threat detection is enabled by default.

Step 2

Command:
threat-detection rate {acl-drop | bad-packet-drop | conn-limit-drop | dos-drop | fw-drop | icmp-drop | inspect-drop | interface-drop | scanning-threat | syn-attack} rate-interval rate_interval average-rate av_rate burst-rate burst_rate

Example:
hostname(config)# threat-detection rate dos-drop rate-interval 600 average-rate 60 burst-rate 100

Purpose:
(Optional) Changes the default settings for one or more types of event.

For a description of each event type, see the “Information About Basic Threat Detection Statistics” section on page 56-2.

When you use this command with the scanning-threat keyword, it is also used in the scanning threat detection feature (see the “Configuring Scanning Threat Detection” section). If you do not configure basic threat detection, you can still use this command with the scanning-threat keyword to configure the rate limits for scanning threat detection.

You can configure up to three different rate intervals for each event type.
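The following is an added example, not part of the Cisco guide: a Python check that reads threat-detection lines from a saved configuration, applies the Step 2 rules (known event keyword, at most three rate intervals per event type, the scanning-threat exception when basic threat detection is disabled) and derives the burst period for each line. The function names and sample lines are constructed for illustration. The 1/30 burst period matches Table 56-1; the 10-second floor is an assumption not stated on this page.

```python
import re
from collections import defaultdict

# Event-type keywords from the Step 2 syntax of "threat-detection rate".
EVENT_TYPES = {"acl-drop", "bad-packet-drop", "conn-limit-drop", "dos-drop",
               "fw-drop", "icmp-drop", "inspect-drop", "interface-drop",
               "scanning-threat", "syn-attack"}
MAX_INTERVALS = 3  # "up to three different rate intervals for each event type"
RATE_RE = re.compile(r"^\s*threat-detection rate (\S+) rate-interval (\d+) "
                     r"average-rate (\d+) burst-rate (\d+)\s*$")

def burst_window(rate_interval):
    """Burst period in seconds: 1/30 of the rate interval, as in Table 56-1
    (600 -> 20, 3600 -> 120). The 10-second floor is an assumption."""
    return max(rate_interval // 30, 10)

def audit(config_text):
    """Return (rates, findings) for the threat-detection lines of a config."""
    rates, findings = defaultdict(dict), []
    lines = [l.strip() for l in config_text.splitlines()]
    basic_off = "no threat-detection basic-threat" in lines
    for line in lines:
        m = RATE_RE.match(line)
        if not m:
            continue
        event, interval, avg, burst = m[1], int(m[2]), int(m[3]), int(m[4])
        if event not in EVENT_TYPES:
            findings.append(f"unknown event type: {event}")
            continue
        rates[event][interval] = (avg, burst, burst_window(interval))
    for event, by_interval in rates.items():
        if len(by_interval) > MAX_INTERVALS:
            findings.append(f"{event}: {len(by_interval)} rate intervals (max {MAX_INTERVALS})")
        if basic_off and event != "scanning-threat":
            findings.append(f"{event}: rate set but basic threat detection is disabled")
    return dict(rates), findings

# Constructed sample: the Step 2 example plus hypothetical acl-drop lines.
SAMPLE = """\
threat-detection rate dos-drop rate-interval 600 average-rate 60 burst-rate 100
threat-detection rate acl-drop rate-interval 600 average-rate 400 burst-rate 800
threat-detection rate acl-drop rate-interval 1200 average-rate 350 burst-rate 700
threat-detection rate acl-drop rate-interval 3600 average-rate 320 burst-rate 640
threat-detection rate acl-drop rate-interval 7200 average-rate 300 burst-rate 600
"""

if __name__ == "__main__":
    rates, findings = audit(SAMPLE)
    print(rates["dos-drop"], findings)
```

Running it against a change template before the commands are entered on the device catches a fourth interval for an event type and rate lines that apply only once basic threat detection is enabled.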
