55-9
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter55 Configuring the Botnet Traffic Filter
Configuring the Botnet Traffic Filter
Adding Entries to the Static Database
The static database lets you augment the dynamic database with domain names or IP addresses that you
want to blacklist or whitelist. Static blacklist entries are always designated with a Very High threat level.
See the “Information About the Static Database” section on page55-3 for more information.
Prerequisites
In multiple context mode, perform this procedure in the context execution space.
Enable ASA use of a DNS server according to the “Configuring the DNS Server” section on
page 10-11.
Detailed Steps
Command Purpose
Step1 dynamic-filter blacklist
Example:
hostname(config)# dynamic-filter blacklist
Edits the Botnet Traffic Filter blacklist.
Step2 Enter one or both of the following:
name domain_name
Example:
hostname(config-llist)# name bad.example.com
Adds a name to the blacklist. You can enter this
command multiple times for multiple entries. You can
add up to 1000 blacklist entries.
address ip_address mask
Example:
hostname(config-llist)# address 10.1.1.1
255.255.255.255
Adds an IP address to the blacklist. You can enter this
command multiple times for multiple entries. The
mask can be for a single host or for a subnet.
Step3 dynamic-filter whitelist
Example:
hostname(config)# dynamic-filter whitelist
Edits the Botnet Traffic Filter whitelist.
Step4 Enter one or both of the following: