Access Policy - how to exclude DNS querry from logging so Event viewer or export to syslog
I have an 3D 8140 device that is implemented inline between costumers LAN and Data Center. My costumer is required to log everything that goes on in the network for 30 days. I did that by creating a rule in the Access Policy to monitor all traffic and send it to syslog. Unfortunately, it resulted with 115Milion syslog messages in period of 24h. The thing is, 99% of that falls to DNS query’s towards Domain Controllers. Is there a way to exclude those connections from being logged in any way since I do have destination IP Protocol and Port?
It is disabled ATM since it is killing my syslog device
Re: Access Policy - how to exclude DNS querry from logging so Event viewer or export to syslog
Create another ACP rule at the top of the rule set, permitting dns to the domain controllers without logging enabled. Traffic will be permitted on this rule and will therefore not match your other rule which has logging enabled.
Hi, We currently have 2 Cisco 5525X ASA's in active/standby state. We have 750 concurrent Anyconnect licenses with the below licenses:AC-PLSM-5YR-500-S & AC-PLSM-5YR-250-S. (These are expiring soon) I have asked to get these renewed by our l...
Hi Everyone, Does anyone know if it is possible create a NAT for Cisco Anyconnect to a different IP so that the user doesn't have to use the External IP? We want to use a different dns name and assign to a different set group of users. Thank you...
"Choose one of the topics below to help you on your journey with NGFW/ASA"
Getting Started with Next-Genera...
Hello! I run 188.8.131.52.When I click download updates in ASDM I get:Download updates failed: Peer certificate cannot be authenticated with known CA certificates I have 3 identical devices and all of them have the same problem.. How can I fix ...
You would like to use the ASA Firewall Umbrella Connector to enforce DNS policy with Umbrella. However you would also like to exclude certain IP addresses or subnets from using this policy. I recently had the need to do this, had a bit of tro...