Re: 5508X ASA can stop all types of DDOS attack

rpandey1295 · ‎12-20-2018

i am using ASA 5508X firewall.so is this device capable to stop all types of DDOS attack? like

Volume Based Attacks

Protocol Attacks

Application Layer Attacks

or we go for some other device like arbor Ddos Protection for datacenter . please suggest

Thanks

Dennis Mink · ‎12-20-2018

For this you would need to use a NGFW such as Firepower, but there are more out there, simply running ASA will not to application layer protection, firepower can, if you need to protect your www facing content, you need something like F5 ASM, but there is more out there, this will protect you against things like cross site scripting and SQL injections etc.

Please remember to rate useful posts, by clicking on the stars below.

Rahul Govindan · ‎12-20-2018

Short answer is no. ASA does not have DDOS protection mechanism built-in as a feature. You can do rate based policy based on source/destination networks/protocols etc, but the whole idea of DDOS is that it is distributed to source from different networks. Plus the ASA5508 is one of the lower end models, so it would not be able to take a high volume of traffic that is usually seen in a DOS attack. Arbor and Radware are more suited for DDOS protection.

ronit · ‎05-09-2021

The ASA can do basic Threat Detection including basic DOS protection. This document explains what all it does (by default)

ASA Threat Detection Functionality and Configuration - Cisco