37-10
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 37 Configuring Inspection of Basic Internet Protocols
DNS Inspection
DNS Guard: enabled
NAT rewrite: enabled
Protocol enforcement: enabled
ID randomization: enabled
Message length check: enabled
Message length maximum: 512
Mismatch rate logging: enabled
TSIG resource record: enforced
• Customize—Opens the Add/Edit DNS Policy Map dialog box for additional settings.
• Default Level—Sets the security level back to the default level of Low.
Modes
The following table shows the modes in which this feature is available:
Add/Edit DNS Policy Map (Security Level)
The Add/Edit DNS Policy Map dialog box is accessible as follows:Configuration > Global Objects >
Inspect Maps > DNS > DNS Inspect Map > Basic View
The Add/Edit DNS Policy Map pane lets you configure the security level and additional settings for DNS
application inspection maps.
Fields
• Name—When adding a DNS map, enter the name of the DNS map. When editing a DNS map, the
name of the previously configured DNS map is shown.
• Description—Enter the description of the DNS map, up to 200 characters in length.
• Security Level—Select the security level (high, medium, or low).
–
Low—Default.
DNS Guard: enabled
NAT rewrite: enabled
Protocol enforcement: enabled
ID randomization: disabled
Message length check: enabled
Message length maximum: 512
Mismatch rate logging: disabled
TSIG resource record: not enforced
Firewall Mode Security Context
Routed Transparent Single
Multiple
Context System
••••—
To Next Page
Loading...
