ASA Botnet Traffic Filter - Request for Explanation

Oscar Quinonez
Level 1

My organization has the requirement below, and was wondering if we can leverage the ASA with Botnet Traffic Filter:

Req:

For all external Internet flows that attempt to access a service inside the Company enclave, the system must police and filter the traffic based on the source domain (FQDN). For example, an external client on an external domain with source IP address "Ext.Source.IP" is going to internal server "Int.IP:serviceX", where the security device looks up (reverse DNS) the "Ext.Source.IP" to determine the domain from a local list (on the security device) of black- or white-listed domains in order to make the forwarding decision. If there is no match, then a list of black- or white-listed IP address(es) is used to make the determination to forward or block the data flow.

Some concerns are how big the buffering cost (delay, CPU, memory) is while doing the "transaction". Any thoughts and usage experience are greatly appreciated.
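The forwarding decision described in the requirement, written out as an added example that is not from the original post and is not ASA or Botnet Traffic Filter code: reverse-look-up the source IP, match the resulting name against local domain lists, and fall back to the IP lists only when no domain matches. The lists, the stub PTR table and the "deny wins over allow" precedence are constructed assumptions; the post does not state a precedence.

```python
import ipaddress
import socket
from typing import Callable, Optional, Tuple

# Constructed local lists (not from the original post).
DOMAIN_DENY = {"bad.example"}
DOMAIN_ALLOW = {"partner.example"}
IP_DENY = [ipaddress.ip_network("203.0.113.0/24")]
IP_ALLOW = [ipaddress.ip_network("198.51.100.10/32")]


def domain_matches(fqdn: str, entries) -> bool:
    """True if fqdn equals a list entry or is a subdomain of one."""
    fqdn = fqdn.rstrip(".").lower()
    return any(fqdn == e or fqdn.endswith("." + e) for e in entries)


def reverse_dns(ip: str) -> Optional[str]:
    """Real PTR lookup. Note: this blocks the caller for as long as the
    system resolver takes; the delay concern in the post lives here."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror, OSError):
        return None  # no PTR record or resolver failure


def decide(src_ip: str,
           resolver: Callable[[str], Optional[str]] = reverse_dns,
           default: str = "block") -> Tuple[str, str]:
    """Return ("forward" | "block", reason) for one external source IP."""
    addr = ipaddress.ip_address(src_ip)
    fqdn = resolver(src_ip)
    if fqdn is not None:
        if domain_matches(fqdn, DOMAIN_DENY):      # assumed: deny first
            return "block", f"domain {fqdn} denied"
        if domain_matches(fqdn, DOMAIN_ALLOW):
            return "forward", f"domain {fqdn} allowed"
    # No PTR record, or a name that matches neither list: IP lists decide.
    if any(addr in net for net in IP_DENY):
        return "block", "ip denied"
    if any(addr in net for net in IP_ALLOW):
        return "forward", "ip allowed"
    return default, "no match, default policy"


# Constructed PTR table so the example runs offline without a resolver.
STUB_PTR = {"198.51.100.10": "host1.partner.example",
            "192.0.2.5": "c2.bad.example"}


def stub_resolver(ip: str) -> Optional[str]:
    return STUB_PTR.get(ip)
```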

1 Reply

David White
Cisco Employee

Hi Oscar,

This is not possible with the Botnet Traffic Filter (BTF) on the ASA.

BTF was designed to protect internal sources from accessing rogue devices on the Internet, not the other way around. It can block access based on IP and/or DNS name, including user-defined white/black lists. However, it will not perform a reverse DNS lookup based on an IP. Additionally, it can filter, but not rate-limit (i.e. police).

Hope it helps,

David.
