Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
257
Views
0
Helpful
1
Replies

ASA threat detection

S891
Level 2
Level 2

‎06-05-2015 07:03 AM - edited ‎03-11-2019 11:03 PM

hi,

I had upgraded to ASA 9.2 and enabled threat detection. It caused issues with DNS and smtp and threat detection shunned our internal dns as well as external dns servers causing service disruption. I had to disablle threat detection to bring up the infrastructure.  Is there any recommended approach to enable it and avoid these issues?

Labels:
0 Helpful
1 Reply 1

Vibhor Amrodia
Cisco Employee
Cisco Employee

‎06-05-2015 07:08 PM

Hi,

This is an automatic action from the ASA device based upon the drops seen on the ASA device for any host.

The best possible workaround would be to use an exception on the ASA device:-

threat-detection scanning-threat [ shun
[ except { ip-address ip_address mask | object-group network_object_group_id } | duration seconds ]]

http://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/T-Z/cmdref4/t1.html#pgfId-1563523

Thanks and Regards,

Vibhor Amrodia

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card