Hello,
I would like to protect our ASR router (connected to the ISP and the internal network) from Firewall session table flood attacks by configuring Firewall Session table protection.
One of the restrictions I found at https://contenthub.cisco.com/chapter.sjs?uri=/searchable/chapter/content/en/us/td/docs/ios-xml/ios/sec_data_zbf/configuration/xe-16-9/sec-data-zbf-xe-16-9-book/conf-fw-tcp-syn-cookie.html.xml&platform=Cisco%20ASR%201000%20Series%20Aggregation%20Servi... is:
"Because a default zone does not support zone type parameter map, you cannot configure the Firewall TCP SYN Cookie feature for a default zone."
I currently do not have any Zone Based Policy Firewall features (zones) configured on the ASR. What would be the minimum configuration required to be able to use this feature? I have no requirement to split up traffic into different zones. Could just one zone be configured and this feature enabled?
Many thanks,
Jeroen