
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 26 Configuring the Botnet Traffic Filter
Configuration Examples for the Botnet Traffic Filter
ciscoasa(config-pmap-c)# inspect dns preset_dns_map dynamic-filter-snoop
ciscoasa(config-pmap-c)# service-policy dynamic-filter_snoop_policy interface outside
ciscoasa(config)# dynamic-filter enable interface outside
ciscoasa(config)# dynamic-filter drop blacklist interface outside

The following recommended example configuration for multiple context mode enables the Botnet Traffic Filter for two contexts:

Example 26-2 Multiple Mode Botnet Traffic Filter Recommended Example

ciscoasa(config)# dynamic-filter updater-client enable
ciscoasa(config)# changeto context context1
ciscoasa/context1(config)# dynamic-filter use-database
ciscoasa/context1(config)# class-map dynamic-filter_snoop_class
ciscoasa/context1(config-cmap)# match port udp eq domain
ciscoasa/context1(config-cmap)# policy-map dynamic-filter_snoop_policy
ciscoasa/context1(config-pmap)# class dynamic-filter_snoop_class
ciscoasa/context1(config-pmap-c)# inspect dns preset_dns_map dynamic-filter-snoop
ciscoasa/context1(config-pmap-c)# service-policy dynamic-filter_snoop_policy interface outside
ciscoasa/context1(config)# dynamic-filter enable interface outside
ciscoasa/context1(config)# dynamic-filter drop blacklist interface outside
ciscoasa/context1(config)# changeto context context2
ciscoasa/context2(config)# dynamic-filter use-database
ciscoasa/context2(config)# class-map dynamic-filter_snoop_class
ciscoasa/context2(config-cmap)# match port udp eq domain
ciscoasa/context2(config-cmap)# policy-map dynamic-filter_snoop_policy
ciscoasa/context2(config-pmap)# class dynamic-filter_snoop_class
ciscoasa/context2(config-pmap-c)# inspect dns preset_dns_map dynamic-filter-snoop
ciscoasa/context2(config-pmap-c)# service-policy dynamic-filter_snoop_policy interface outside
ciscoasa/context2(config)# dynamic-filter enable interface outside
ciscoasa/context2(config)# dynamic-filter drop blacklist interface outside
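A practical check after applying a configuration like Example 26-2 is that every context really carries all four recommended elements (database use, DNS snooping, enabling on the interface, dropping blacklist traffic) and that the updater client is enabled once in the system context. The following Python audit script is an added example, not Cisco's code or part of this guide; it parses a saved CLI transcript by its prompts, and the transcript it checks is constructed from the commands above.

```python
import re

# Constructed transcript following the shape of Example 26-2 (two contexts).
SAMPLE = """\
ciscoasa(config)# dynamic-filter updater-client enable
ciscoasa(config)# changeto context context1
ciscoasa/context1(config)# dynamic-filter use-database
ciscoasa/context1(config-pmap-c)# inspect dns preset_dns_map dynamic-filter-snoop
ciscoasa/context1(config-pmap-c)# service-policy dynamic-filter_snoop_policy interface outside
ciscoasa/context1(config)# dynamic-filter enable interface outside
ciscoasa/context1(config)# dynamic-filter drop blacklist interface outside
ciscoasa/context1(config)# changeto context context2
ciscoasa/context2(config)# dynamic-filter use-database
ciscoasa/context2(config-pmap-c)# inspect dns preset_dns_map dynamic-filter-snoop
ciscoasa/context2(config)# dynamic-filter enable interface outside
ciscoasa/context2(config)# dynamic-filter drop blacklist interface outside
"""
# Prompt shape: ciscoasa[/context](mode)# command
PROMPT = re.compile(r"^ciscoasa(?:/(?P<ctx>[\w-]+))?\([\w-]*\)#\s*(?P<cmd>.+)$")
# Elements the recommended configuration sets in every context (regex, full match).
REQUIRED = {
    "use-database": r"dynamic-filter use-database",
    "dns-snoop": r"inspect dns \S+ dynamic-filter-snoop",
    "enable": r"dynamic-filter enable interface \S+",
    "drop-blacklist": r"dynamic-filter drop blacklist interface \S+",
}

def commands_by_context(transcript):
    """Group the commands of a CLI transcript by the context named in the prompt."""
    ctxs = {}
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if m:
            ctxs.setdefault(m.group("ctx") or "system", []).append(m.group("cmd").strip())
    return ctxs

def audit(transcript):
    """Return sorted (context, element) pairs the recommended configuration needs
    but the transcript never sets; the updater client is checked in the system context."""
    ctxs = commands_by_context(transcript)
    gaps = []
    if "dynamic-filter updater-client enable" not in ctxs.get("system", []):
        gaps.append(("system", "updater-client"))
    for ctx, cmds in ctxs.items():
        if ctx == "system":
            continue
        for name, pattern in REQUIRED.items():
            if not any(re.fullmatch(pattern, c) for c in cmds):
                gaps.append((ctx, name))
    return sorted(gaps)
```

Run `audit()` over a `show running-config`-style transcript captured from your own device; an empty list means every context matches the recommended set.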
Other Configuration Examples

The following sample configuration adds static entries to the blacklist and to the whitelist. Then, it monitors all port 80 traffic on the outside interface, and drops blacklisted traffic. It also treats greylist addresses as blacklisted addresses.

ciscoasa(config)# dynamic-filter updater-client enable
ciscoasa(config)# changeto context context1
ciscoasa/context1(config)# dynamic-filter use-database
ciscoasa/context1(config)# class-map dynamic-filter_snoop_class
ciscoasa/context1(config-cmap)# match port udp eq domain
ciscoasa/context1(config-cmap)# policy-map dynamic-filter_snoop_policy
ciscoasa/context1(config-pmap)# class dynamic-filter_snoop_class
ciscoasa/context1(config-pmap-c)# inspect dns preset_dns_map dynamic-filter-snoop
ciscoasa/context1(config-pmap-c)# service-policy dynamic-filter_snoop_policy interface outside
ciscoasa/context1(config-pmap-c)# dynamic-filter blacklist
ciscoasa/context1(config-llist)# name bad1.example.com
ciscoasa/context1(config-llist)# name bad2.example.com