https://community.cisco.com/t5/network-security/firepower-dynamic-state-block-ip/m-p/4700566#M1094086 <P>Hi,&nbsp;</P><P>So i want to prevent DoS attack to my server. To do that on firepower, i can use dynamic state rules to block traffic if frequency has been reach. The problem is, i can only block traffic and not the user. So if the user try to do DoS on my server again, they can do it.&nbsp;</P><P>Is there a way to make Firepower action to block IP address instead of traffics?</P> Mon, 10 Oct 2022 06:16:04 GMT raymondluis13 2022-10-10T06:16:04Z https://community.cisco.com/t5/network-security/firepower-dynamic-state-block-ip/m-p/4700566#M1094086 <P>Hi,&nbsp;</P><P>So i want to prevent DoS attack to my server. To do that on firepower, i can use dynamic state rules to block traffic if frequency has been reach. The problem is, i can only block traffic and not the user. So if the user try to do DoS on my server again, they can do it.&nbsp;</P><P>Is there a way to make Firepower action to block IP address instead of traffics?</P> Mon, 10 Oct 2022 06:16:04 GMT https://community.cisco.com/t5/network-security/firepower-dynamic-state-block-ip/m-p/4700566#M1094086 raymondluis13 2022-10-10T06:16:04Z https://community.cisco.com/t5/network-security/firepower-dynamic-state-block-ip/m-p/4720650#M1095034 <P>Hi Raymondluis,</P> <P>&nbsp;</P> <P>In DoS Attack Firepower basically prevents TCP &amp; UDP Connections. In dynamic state rule there is option CONNECTION PER CLIENT so you can set a threshold per client based. Then, there is another option CONNECTION TIMEOUT where you can override a Global Platform setting for Connection timeouts, here you can set time limit in Sec/Min/hourly based connection timeout &nbsp;As you said, &nbsp;if any attacker is trying to attack after timeouts or after connection threshold reduce. Then attacker can generate attacks &nbsp;as well against destination.</P> <P>&nbsp;</P> <P>As you want to block the source IP, you can write separate ACP rule to block the Attacker IP manually. Below are the URL's for Threat Defense service policy&nbsp;</P> <P>&nbsp;</P> <P><A href="https://www.cisco.com/c/en/us/td/docs/security/firepower/660/configuration/guide/fpmc-config-guide-v66/threat_defense_service_policies.html#id_71090" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/firepower/660/configuration/guide/fpmc-config-guide-v66/threat_defense_service_policies.html#id_71090</A></P> <P><A href="https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/threat_defense_service_policies.html" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/threat_defense_service_policies.html</A></P> <P>&nbsp;</P> <P><SPAN style="background-color:rgb(255,255,255);color:rgb(24,24,24);font-size:14px;">-----------------------------------------</SPAN><BR /><SPAN style="background-color:rgb(255,255,255);color:rgb(24,24,24);font-size:14px;">If you find my reply solved your question or issue, kindly click the 'Accept as Solution' button and vote it as helpful.</SPAN><BR /><BR /><SPAN style="background-color:rgb(255,255,255);color:rgb(24,24,24);font-size:14px;">You can also learn more about Cisco Secure Firewall (formerly known as NGFW) through our live Ask the Experts (ATXs) session. Check out Cisco Network Security ATXs Resources [</SPAN><A href="https://community.cisco.com/t5/security-knowledge-base/cisco-network-security-ask-the-experts-resources/ta-p/4416493" target="_blank">https://community.cisco.com/t5/security-knowledge-base/cisco-network-security-ask-the-experts-resources/ta-p/4416493</A><SPAN style="background-color:rgb(255,255,255);color:rgb(24,24,24);font-size:14px;">] to view the latest schedule for upcoming sessions, as well as the useful references, e.g. online guides, FAQs.</SPAN><BR /><SPAN style="background-color:rgb(255,255,255);color:rgb(24,24,24);font-size:14px;">-----------------------------------------</SPAN></P> <P>&nbsp;</P> <P><SPAN style="background-color:rgb(255,255,255);color:rgb(24,24,24);font-size:14px;">Regards</SPAN></P> <P><SPAN style="background-color:rgb(255,255,255);color:rgb(24,24,24);font-size:14px;">Arunkumar</SPAN></P> Mon, 14 Nov 2022 08:37:35 GMT https://community.cisco.com/t5/network-security/firepower-dynamic-state-block-ip/m-p/4720650#M1095034 Arunkumar Sathasivam 2022-11-14T08:37:35Z