56-19
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter56 Configuring Threat Detection
Configuration Examples for Threat Detection
Configuration Examples for Threat Detection
The following example configures basic threat detection statistics, and changes the DoS attack rate
settings. All advanced threat detection statistics are enabled, with the host statistics number of rate
intervals lowered to 2. The TCP Intercept rate interval is also customized. Scanning threat detection is
enabled with automatic shunning for all addresses except 10.1.1.0/24. The scanning threat rate intervals
are customized.
threat-detection basic-threat
threat-detection rate dos-drop rate-interval 600 average-rate 60 burst-rate 100
threat-detection statistics
threat-detection statistics host number-of-rate 2
threat-detection statistics tcp-intercept rate-interval 60 burst-rate 800 average-rate 600
threat-detection scanning-threat shun except ip-address 10.1.1.0 255.255.255.0
threat-detection rate scanning-threat rate-interval 1200 average-rate 10 burst-rate 20
threat-detection rate scanning-threat rate-interval 2400 average-rate 10 burst-rate 20
Burst rate interval changed to 1/30th of the
average rate.
8.2(1) In earlier releases, the burst rate interval was 1/60th of the
average rate. To maximize memory usage, the sampling
interval was reduced to 30 times during the average rate.
Improved memory usage 8.3(1) The memory usage for threat detection was improved.
Table56-6 Feature History for Scanning Threat Detection (continued)
Feature Name
Platform
Releases Feature Information