37-11
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 37 Configuring Inspection of Basic Internet Protocols
DNS Inspection
–
Medium
DNS Guard: enabled
NAT rewrite: enabled
Protocol enforcement: enabled
ID randomization: enabled
Message length check: enabled
Message length maximum: 512
Mismatch rate logging: enabled
TSIG resource record: not enforced
–
High
DNS Guard: enabled
NAT rewrite: enabled
Protocol enforcement: enabled
ID randomization: enabled
Message length check: enabled
Message length maximum: 512
Mismatch rate logging: enabled
TSIG resource record: enforced
–
Default Level—Sets the security level back to the default level of Low.
• Details—Shows the Protocol Conformance, Filtering, Mismatch Rate, and Inspection tabs to
configure additional settings.
Modes
The following table shows the modes in which this feature is available:
Add/Edit DNS Policy Map (Details)
The Add/Edit DNS Policy Map pane lets you configure the security level and additional settings for DNS
application inspection maps
Fields
• Name—When adding a DNS map, enter the name of the DNS map. When editing a DNS map, the
name of the previously configured DNS map is shown.
• Description—Enter the description of the DNS map, up to 200 characters in length.
• Security Level—Shows the security level to configure.
Firewall Mode Security Context
Routed Transparent Single
Multiple
Context System
••••—
To Next Page
Loading...
