19-5
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 19 Managing Firewall Botnet Traffic Filter Rules
Task Flow for Configuring the Botnet Traffic Filter
Step 4 On the Dynamic Blacklist Configuration tab, select Use Dynamic Blacklist to enable use of the dynamic
database.
Note In multiple context mode, these settings are disabled on the System context.
Adding Entries to the Static Database
The static database lets you augment the dynamic database with domain names, IP addresses, or network
addresses that you want to blacklist or whitelist. For more information, see Understanding Botnet Traffic
Filtering, page 19-1.
Related Topics
Whitelist/Blacklist Tab, page 19-14
Device Whitelist or Device Blacklist Dialog Box, page 19-15
Understanding Botnet Traffic Filtering, page 19-1
Task Flow for Configuring the Botnet Traffic Filter, page 19-2
Configuring the Dynamic Database, page 19-4
Enabling DNS Snooping, page 19-6
Enabling Traffic Classification and Actions for the Botnet Traffic Filter, page 19-6
Botnet Traffic Filter Rules Page, page 19-9
Before You Begin
Enable the security appliance to use a DNS server (see DNS Page, page 51-13). In multiple context
mode, enable DNS per context.
Step 1 Do one of the following:
(Device view) Select Firewall > Botnet Traffic Filter Rules from the Policy selector.
(Policy view) Select Firewall > Botnet Traffic Filter Rules from the Policy Type selector. Select
an existing policy or create a new one.
Note For devices in multiple context mode, you configure the static database on the security context.
This opens the Botnet Traffic Filter Rules Page, page 19-9.
Step 2 On the Whitelist / Blacklist tab, click the Add Rows button that corresponds with the type of entry you
are adding (Whitelist or Blacklist).
This opens the Device Whitelist or Device Blacklist Dialog Box, page 19-15.
Step 3 In the Domain or IP Address field, enter one or more domain names, IP addresses, and IP
address/netmasks. Enter multiple entries separated by commas or on separate lines. You can enter up to
1000 entries for each type.
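A pre-check for a list before it is pasted into the Domain or IP Address field in Step 3, as an added example that is not part of the Cisco guide or of Security Manager. It splits on commas and newlines, classifies each entry, and enforces the 1000-entry limit; the hostname syntax rule, the rejection of networks with host bits set, the duplicate check, and the names `classify`, `parse_entries` and `SAMPLE` are assumptions of this example.

```python
import ipaddress
import re

MAX_ENTRIES = 1000  # per-type limit stated in Step 3
# Assumed hostname label syntax (RFC 1123); the guide does not define one.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def classify(entry):
    """Return 'ip', 'network' or 'domain' for one entry, or raise ValueError."""
    if "/" in entry:
        # Assumption: host bits set under the mask (10.1.1.5/24) is a typo.
        ipaddress.ip_network(entry, strict=True)
        return "network"
    try:
        ipaddress.ip_address(entry)
        return "ip"
    except ValueError:
        pass
    name = entry.rstrip(".")
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2 or not all(_LABEL.fullmatch(l) for l in labels):
        raise ValueError(f"not a domain, IP address or address/netmask: {entry!r}")
    if labels[-1].isdigit():  # e.g. 10.1.1.300 is a mistyped IP, not a domain
        raise ValueError(f"looks like a malformed IP address: {entry!r}")
    return "domain"

def parse_entries(text):
    """Split field text on commas or newlines; return (valid, errors)."""
    valid, errors, seen = [], [], set()
    for raw in re.split(r"[,\r\n]+", text):
        entry = raw.strip()
        if not entry:
            continue
        if entry.lower() in seen:
            errors.append((entry, "duplicate"))
            continue
        seen.add(entry.lower())
        try:
            valid.append((entry, classify(entry)))
        except ValueError as exc:
            errors.append((entry, str(exc)))
    if len(valid) > MAX_ENTRIES:
        errors.append(("<list>", f"{len(valid)} entries exceed the limit of {MAX_ENTRIES}"))
    return valid, errors

# Constructed sample input using documentation-only addresses and names.
SAMPLE = """bad.example.com, 192.0.2.10
198.51.100.0/24, 203.0.113.7/255.255.255.0
10.1.1.300, BAD.example.com"""
```
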