topic Firepower DDOS attack prevention in Network Security https://community.cisco.com/t5/network-security/firepower-ddos-attack-prevention/m-p/3054181#M1017378 <P>Hello,</P> <P></P> <P>I'm trying to use the firepower, in my ASA 5555-x with firepower services, in order to protect from a&nbsp;DDOS attack.</P> <P></P> <P>I encountered the following DDOS attack:</P> <P>A lot of global&nbsp;IP addresses sent http connections to my inside web server. The firepower allowed all traffic and my web server crashed.</P> <P></P> <P>I tried to enable rate-based attack prevention in the Network Analysis Policy without the drop checkbox, just for monitoring, but in the intrusion events I can see a lot of events even from my local network trying to access my web server in the DMZ. It looks like that feature will cause a lot of False-Positive events.</P> <P>In the rate-based I configured the control simultaneous connection with 350 connections...</P> <P></P> <P>What is the best way to gain protection from this kind of&nbsp;attack with the firepower?</P> <P></P> <P>BR,</P> <P>Dor.</P> Tue, 12 Mar 2019 13:15:58 GMT doraz 2019-03-12T13:15:58Z Firepower DDOS attack prevention https://community.cisco.com/t5/network-security/firepower-ddos-attack-prevention/m-p/3054181#M1017378 <P>Hello,</P> <P></P> <P>I'm trying to use the firepower, in my ASA 5555-x with firepower services, in order to protect from a&nbsp;DDOS attack.</P> <P></P> <P>I encountered the following DDOS attack:</P> <P>A lot of global&nbsp;IP addresses sent http connections to my inside web server. The firepower allowed all traffic and my web server crashed.</P> <P></P> <P>I tried to enable rate-based attack prevention in the Network Analysis Policy without the drop checkbox, just for monitoring, but in the intrusion events I can see a lot of events even from my local network trying to access my web server in the DMZ. It looks like that feature will cause a lot of False-Positive events.</P> <P>In the rate-based I configured the control simultaneous connection with 350 connections...</P> <P></P> <P>What is the best way to gain protection from this kind of&nbsp;attack with the firepower?</P> <P></P> <P>BR,</P> <P>Dor.</P> Tue, 12 Mar 2019 13:15:58 GMT https://community.cisco.com/t5/network-security/firepower-ddos-attack-prevention/m-p/3054181#M1017378 doraz 2019-03-12T13:15:58Z First of all, how did you https://community.cisco.com/t5/network-security/firepower-ddos-attack-prevention/m-p/3054182#M1017379 <P>First of all, how did you configure the tracking? Based on source or destination?</P> <P></P> <P>If you want the local network to not be checked against it, you should create another NAP without rate based preproc enabled and assign it only to your network, though a NAP rule. This way, the local traffic will not be checked.</P> Thu, 26 Jan 2017 13:00:06 GMT https://community.cisco.com/t5/network-security/firepower-ddos-attack-prevention/m-p/3054182#M1017379 Claudiu Cismaru 2017-01-26T13:00:06Z