19-13
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter1 9 Managing Firewall Botnet Traffic Filter Rules
Botnet Traffic Filter Rules Page
BTF Drop Rules Editor
Use the BTF Drop Rules Editor to identify malware traffic that you want to automatically drop. You can
specify multiple drop rules per interface.
Navigation Path
To access the BTF Drop Rules Editor, right-click inside the work area of the Drop Rules table on the
Traffic Classification tab and then select Add Row, or right-click an existing entry and select Edit Row.
Related Topics
Enabling Traffic Classification and Actions for the Botnet Traffic Filter, page 19-6
Understanding Botnet Traffic Filtering, page19-1
Task Flow for Configuring the Botnet Traffic Filter, page19-2
Botnet Traffic Filter Rules Page, page19-9
Dynamic Blacklist Configuration Tab, page19-10
Traffic Classification Tab, page 19-11
BTF Enable Rules Editor, page 19-12
Whitelist/Blacklist Tab, page19-14
Device Whitelist or Device Blacklist Dialog Box, page19-15
Configure DNS Dialog Box, page 17-18
ACL Specifies the access-list to use for identifying the traffic that you want
to monitor. If you do not specify an access list, by default you monitor
all traffic.
To specify the traffic that you want to monitor, click Select to the right
of the ACL field to select an Access Control List object that identifies
the traffic that you want to monitor. For example, you might want to
monitor all port 80 traffic on the outside interface. For more
information about Access Control List objects, see Creating Access
Control List Objects, page 6-49.
Table19-2 BTF Enable Rules Editor (Continued)
Element Description