Name: Cisco ASA 5506-X
Brand: Cisco
Rating: 4 (1 reviews)

To Next Page

To Previous Page

18-7

Cisco ASA Series Firewall CLI Configuration Guide

Chapter 18 Threat Detection

Configure Threat Detection

The rate-interval keyword sets the size of the history monitoring window, between 1 and 1440 minutes.

The default is 30 minutes. During this interval, the ASA samples the number of attacks 30 times.

The burst-rate keyword sets the threshold for syslog message generation, between 25 and 2147483647.

The default is 400 per second. When the burst rate is exceeded, syslog message 733104 is generated.

The average-rate keyword sets the average rate threshold for syslog message generation, between 25

and 2147483647. The default is 200 per second. When the average rate is exceeded, syslog message

733105 is generated.

Note This command is available in multiple context mode, unlike the other threat-detection

commands.

Configure Scanning Threat Detection

You can configure scanning threat detection to identify attackers and optionally shun them.

Procedure

Step 1 Enable scanning threat detection.

threat-detection scanning-threat [shun [except {ip-address ip_address mask | object-group

network_object_group_id}]]

Example:

hostname(config)# threat-detection scanning-threat shun except ip-address 10.1.1.0

255.255.255.0

By default, the system log message 733101 is generated when a host is identified as an attacker. Enter

this command multiple times to identify multiple IP addresses or network object groups to exempt from

shunning.

Step 2 (Optional) Set the duration of the shun for attacking hosts.

threat-detection scanning-threat shun duration seconds

Example:

hostname(config)# threat-detection scanning-threat shun duration 2000

Step 3 (Optional) Change the default event limit for when the ASA identifies a host as an attacker or as a target.

threat-detection rate scanning-threat rate-interval rate_interval average-rate av_rate

burst-rate burst_rate

Example:

hostname(config)# threat-detection rate scanning-threat rate-interval 1200 average-rate 10

burst-rate 20

hostname(config)# threat-detection rate scanning-threat rate-interval 2400 average-rate 10

burst-rate 20

Other manuals for Cisco ASA 5506-X

Quick Start Guide14 pages

Easy Setup Guide11 pages

Installation Guide46 pages

Software Guide37 pages

Hardware Installation Guide52 pages

Mount And Connect12 pages

Mount The Chassis10 pages

Questions and Answers:

Need help?

Do you have a question about the Cisco ASA 5506-X and is the answer not in the manual?

Cisco ASA 5506-X Specifications

General

Model	ASA 5506-X
Firewall Throughput	750 Mbps
Maximum Firewall Connections	50, 000
Maximum VPN Peers	50
Integrated Ports	8 x 1 GE
Stateful Inspection Throughput	750 Mbps
Weight	4.4 lb (2 kg)
Firewall Throughput (Multiprotocol)	750 Mbps
Firewall Throughput (Application Visibility and Control AVC)	250 Mbps
Concurrent Sessions	50, 000
New Connections per Second	10, 000
IPsec VPN Throughput	100 Mbps
Interfaces	8 x 1 GE
Memory	4 GB
Flash Memory	8 GB
Form Factor	Desktop
VPN Throughput	100 Mbps
Maximum Concurrent Sessions	50, 000
New Sessions per Second	10, 000
Operating Temperature	32 to 104°F (0 to 40°C)
Storage Temperature	-13 to 158°F (-25 to 70°C)
Power Supply	External
Humidity	10% to 90% non-condensing