Configuration examples for threat detection – Cisco ASA 5505 User Manual

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 56 Configuring Threat Detection

Configuration Examples for Threat Detection

The following example configures basic threat detection statistics, and changes the DoS attack rate
settings. All advanced threat detection statistics are enabled, with the host statistics number of rate
intervals lowered to 2. The TCP Intercept rate interval is also customized. Scanning threat detection is
enabled with automatic shunning for all addresses except 10.1.1.0/24. The scanning threat rate intervals
are customized.

threat-detection basic-threat
threat-detection rate dos-drop rate-interval 600 average-rate 60 burst-rate 100
threat-detection statistics
threat-detection statistics host number-of-rate 2
threat-detection statistics tcp-intercept rate-interval 60 burst-rate 800 average-rate 600
threat-detection scanning-threat shun except ip-address 10.1.1.0 255.255.255.0
threat-detection rate scanning-threat rate-interval 1200 average-rate 10 burst-rate 20
threat-detection rate scanning-threat rate-interval 2400 average-rate 10 burst-rate 20
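The following Python sketch is an added example, not part of the Cisco guide. It parses the three threat-detection rate lines above and shows how the 8.2(1) feature-history entry on this page (burst rate interval of 1/30th instead of 1/60th of the rate interval) changes the window over which each burst-rate limit is evaluated. The function names are hypothetical, and the code assumes that rate-interval is in seconds and that both rates are events-per-second averages over their own interval.

```python
import re

# The three "threat-detection rate" lines from the example configuration above.
CONFIG = """\
threat-detection rate dos-drop rate-interval 600 average-rate 60 burst-rate 100
threat-detection rate scanning-threat rate-interval 1200 average-rate 10 burst-rate 20
threat-detection rate scanning-threat rate-interval 2400 average-rate 10 burst-rate 20
"""

KEYWORDS = ("rate-interval", "average-rate", "burst-rate")
RATE_RE = re.compile(
    r"^threat-detection rate (\S+)((?: (?:%s) \d+)+)$" % "|".join(KEYWORDS)
)

def parse_rate_lines(config):
    """Return one dict per 'threat-detection rate' line; keyword order is free."""
    rules = []
    for line in config.splitlines():
        m = RATE_RE.match(" ".join(line.split()))
        if not m:
            continue  # statistics, shun and basic-threat lines are skipped
        tokens = m.group(2).split()
        rule = {"event": m.group(1)}
        rule.update((k, int(v)) for k, v in zip(tokens[0::2], tokens[1::2]))
        if all(k in rule for k in KEYWORDS):
            rules.append(rule)
    return rules

def burst_window(rate_interval, divisor=30):
    """Burst rate interval in seconds: 1/30th from 8.2(1), 1/60th before."""
    return rate_interval / divisor

def trip_points(rule, divisor=30):
    """Event counts that push each measured rate to its configured limit.

    Assumption: each rate is an average in events/sec over its own interval.
    """
    window = burst_window(rule["rate-interval"], divisor)
    return {
        "event": rule["event"],
        "burst_window_s": window,
        "events_per_burst_window": rule["burst-rate"] * window,
        "events_per_rate_interval": rule["average-rate"] * rule["rate-interval"],
    }

if __name__ == "__main__":
    for r in parse_rate_lines(CONFIG):
        print("8.2(1)+   ", trip_points(r, 30))
        print("pre-8.2(1)", trip_points(r, 60))
```

For the dos-drop line, the burst limit is evaluated over 20 seconds on 8.2(1) and later, against 10 seconds on earlier releases, so the same burst-rate value tolerates a shorter spike on older software.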

Table 56-6 Feature History for Scanning Threat Detection (continued)

| Feature Name | Platform Releases | Feature Information |
| --- | --- | --- |
| Burst rate interval changed to 1/30th of the average rate. | 8.2(1) | In earlier releases, the burst rate interval was 1/60th of the average rate. To maximize memory usage, the sampling interval was reduced to 30 times during the average rate. |
| Improved memory usage | 8.3(1) | The memory usage for threat detection was improved. |
