Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 56 Configuring Threat Detection
Configuring Scanning Threat Detection
Guidelines and Limitations
This section includes the guidelines and limitations for this feature:
Security Context Guidelines
Supported in single mode only. Multiple mode is not supported.
Firewall Mode Guidelines
Supported in routed and transparent firewall mode.
Types of Traffic Monitored
Only through-the-box traffic is monitored; to-the-box traffic is not included in threat detection.
Traffic that is denied by an access list does not trigger scanning threat detection; only traffic that is
allowed through the ASA and that creates a flow is affected by scanning threat detection.
Default Settings
Table 56-5 lists the default rate limits for scanning threat detection.
The burst rate is calculated as the average rate every N seconds, where N is the burst rate interval. The
burst rate interval is 1/30th of the rate interval or 10 seconds, whichever is larger.
Table 56-5 Default Rate Limits for Scanning Threat Detection

Average Rate                               Burst Rate
-----------------------------------------  ---------------------------------------------
5 drops/sec over the last 600 seconds.     10 drops/sec over the last 20 second period.
5 drops/sec over the last 3600 seconds.    10 drops/sec over the last 120 second period.
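
The following is an added example, not Cisco code and not a description of the ASA's internal counters: a simplified model of how the average-rate and burst-rate limits in Table 56-5 relate. The names RateLimit and evaluate are hypothetical, and the model assumes per-second drop counts, trailing windows ending at the current second, and that only a rate strictly above a limit exceeds it.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class RateLimit:
    rate_interval: int    # seconds the average rate is measured over
    average_rate: float   # drops/sec
    burst_rate: float     # drops/sec

    @property
    def burst_interval(self) -> int:
        # 1/30th of the rate interval or 10 seconds, whichever is larger.
        # Integer division is an assumption for intervals not divisible by 30.
        return max(self.rate_interval // 30, 10)

# Defaults from Table 56-5.
DEFAULTS = (RateLimit(600, 5, 10), RateLimit(3600, 5, 10))

def evaluate(drops_per_sec, limit):
    """Return (average, burst, exceeded) for per-second drop counts, oldest first.

    Seconds missing from a short history are treated as zero drops.
    """
    average = sum(drops_per_sec[-limit.rate_interval:]) / limit.rate_interval
    burst = sum(drops_per_sec[-limit.burst_interval:]) / limit.burst_interval
    exceeded = []
    if average > limit.average_rate:
        exceeded.append("average")
    if burst > limit.burst_rate:
        exceeded.append("burst")
    return average, burst, exceeded

# Constructed sample data, not captured from a device.
SLOW_SCAN = [6] * 600                 # steady 6 drops/sec for 10 minutes
SHORT_BURST = [0] * 580 + [15] * 20   # quiet, then 15 drops/sec for 20 seconds

if __name__ == "__main__":
    for name, sample in (("slow scan", SLOW_SCAN), ("short burst", SHORT_BURST)):
        for limit in DEFAULTS:
            average, burst, exceeded = evaluate(sample, limit)
            print(f"{name:11} interval={limit.rate_interval:4}s "
                  f"burst_interval={limit.burst_interval:3}s "
                  f"avg={average:.2f} burst={burst:.2f} exceeded={exceeded}")
```

In this model the steady slow scan exceeds only the 600-second average limit, while the 20-second spike exceeds only the 600-second limit's burst rate and is diluted below 10 drops/sec over the 120-second burst interval of the 3600-second limit.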