
Cisco ASDM 7 User Guide


Page 601

 
26-5
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 26      Configuring the Botnet Traffic Filter
  Information About the Botnet Traffic Filter
How the Botnet Traffic Filter Works
Figure 26-1 shows how the Botnet Traffic Filter works with the dynamic database plus DNS inspection 
with Botnet Traffic Filter snooping.
Figure 26-1 How the Botnet Traffic Filter Works with the Dynamic Database
Figure 26-2 shows how the Botnet Traffic Filter works with the static database.
Figure 26-2 How the...

Page 602

 
26-6
Licensing Requirements for the Botnet Traffic Filter
The following table shows the licensing requirements for this feature:
Prerequisites for the Botnet Traffic Filter
To use the dynamic database, identify a DNS server for the ASA so that it can access the Cisco update 
server URL. In multiple context mode, the system downloads the...

Page 603

 
26-7
Configuring the Botnet Traffic Filter
This section includes the following topics:
Task Flow for Configuring the Botnet Traffic Filter, page 26-7
Configuring the Dynamic Database, page 26-8
Enabling DNS Snooping, page 26-9
Adding Entries to the Static Database, page 26-9
Enabling Traffic Classification and Actions for the Botnet Traffic Filter, page...

Page 604

 
26-8
Configuring the Dynamic Database
This procedure enables database updates, and also enables use of the downloaded dynamic database by 
the ASA. In multiple context mode, the system downloads the database for all contexts using the admin 
context interface. You can configure use of the database on a per-context basis.
By default, downloading and using the...

Page 605

 
26-9
section on page 26-13.
What to Do Next
See the “Adding Entries to the Static Database” section on page 26-9.
Adding Entries to the Static Database
The static database lets you augment the dynamic database with domain names or IP addresses that you 
want to blacklist or whitelist. Static blacklist entries are always designated with a Very High threat...

Page 606

 
26-10
You must first configure DNS inspection for traffic that you want to snoop using the Botnet Traffic 
Filter. See the “DNS Inspection” section on page 11-1 and Chapter 1, “Configuring a Service 
Policy,” for detailed information about configuring advanced DNS inspection options using the 
Modular Policy Framework.
Note: You can also configure DNS snooping...

Page 607

 
26-11
When an address matches, the ASA sends a syslog message. The only additional action currently 
available is to drop the connection.
Prerequisites
In multiple context mode, perform this procedure in the context execution space.
Recommended Configuration
Although DNS snooping is not required, we recommend configuring DNS snooping for maximum use 
of the...

Page 608

 
26-12
Note: We highly recommend using the default setting unless you have strong reasons for changing 
the setting. 
Value—Specify the threat level you want to drop:
– Very Low
– Low
– Moderate
– High
– Very High
Note: Static blacklist entries are always designated with a Very High threat level. 
Range—Specify a range of threat levels.
d. In the ACL Used area, from...

Page 609

 
26-13
For example, you receive the following syslog message:
ASA-4-338002: Dynamic Filter permitted black listed TCP traffic from inside:10.1.1.45/6798 
(209.165.201.1/7890) to outside:209.165.202.129/80 (209.165.202.129/80), destination 
209.165.202.129 resolved from dynamic list: bad.example.com
You can then perform one of the following actions:
Create an...
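The 338002 message quoted above can be split into fields to see which inside hosts reached a blacklisted name. The following is an added example, not part of the Cisco guide; the field names, the optional leading "%", and the second and third sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Layout follows the one 338002 sample quoted above; the optional leading "%"
# and all group names are assumptions of this example.
MSG_338002 = re.compile(
    r"%?ASA-(?P<severity>\d)-338002: Dynamic Filter permitted black listed "
    r"(?P<proto>\S+) traffic from "
    r"(?P<src_if>[^:\s]+):(?P<src_ip>[^/\s]+)/(?P<src_port>\d+) "
    r"\((?P<src_mapped>[^)]+)\) to "
    r"(?P<dst_if>[^:\s]+):(?P<dst_ip>[^/\s]+)/(?P<dst_port>\d+) "
    r"\((?P<dst_mapped>[^)]+)\), destination (?P<resolved_ip>\S+) "
    r"resolved from (?P<source_list>\w+) list: (?P<domain>\S+)"
)

def parse_338002(line):
    """Return the message fields as a dict, or None for any other line."""
    m = MSG_338002.search(" ".join(line.split()))  # undo hard wraps
    return m.groupdict() if m else None

def hosts_by_domain(lines):
    """Map each blacklisted domain to the sorted source hosts that reached it."""
    hits = defaultdict(set)
    for line in lines:
        rec = parse_338002(line)
        if rec:
            hits[rec["domain"]].add(rec["src_ip"])
    return {d: sorted(h) for d, h in hits.items()}

SAMPLE = [
    # The message quoted on this page, re-joined onto one line.
    "ASA-4-338002: Dynamic Filter permitted black listed TCP traffic from "
    "inside:10.1.1.45/6798 (209.165.201.1/7890) to "
    "outside:209.165.202.129/80 (209.165.202.129/80), destination "
    "209.165.202.129 resolved from dynamic list: bad.example.com",
    # Constructed lines: a second host, and an unrelated line to be skipped.
    "ASA-4-338002: Dynamic Filter permitted black listed TCP traffic from "
    "inside:10.1.1.46/5120 (209.165.201.1/7891) to "
    "outside:209.165.202.129/80 (209.165.202.129/80), destination "
    "209.165.202.129 resolved from dynamic list: bad.example.com",
    "constructed unrelated line that is not a Botnet Traffic Filter message",
]

if __name__ == "__main__":
    for domain, hosts in hosts_by_domain(SAMPLE).items():
        print(domain, hosts)
```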

Page 610

 
26-14
  Monitoring the Botnet Traffic Filter
Detailed Steps
Step 1: Go to the Search Dynamic Database area:
In Single mode or within a context, choose the Configuration > Firewall > Botnet Traffic Filter 
> Botnet Database Update pane.
In multiple context mode in the System execution space, choose the Configuration > Device 
Management > Botnet Database Update pane.
Step 2: In the Search string field,...