Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1240
Views
5
Helpful
4
Replies

drop rate exceeded, exclude specific host

Go to solution
n.vd.coevering
Level 1
Level 1

‎03-01-2014 09:26 AM - edited ‎03-11-2019 08:52 PM

In our ASA 5520 we see a lot of messages with "drop rate-<x> exceeded". These messages are caused by our Zabbix server that is pinging to about 300 network routers in our nation wide retail network every 60 seconds.

I know that we can ignore these messages or change the threat-detection rate settings. But what we really want is just to exclude the thread-detection for our Zabbix host.

Is it possible and how?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Vibhor Amrodia
Cisco Employee
Cisco Employee

‎03-01-2014 12:37 PM

Hi,

If you would like to stop the"drop rate- exceeded" messages for a specific host , that would not be possible on the ASA device. Depending on the configuration on the ASA device , if you have Scanning threat detecttion enabled and this server is being shunned , you would be able to exclude this host using threat-detection scanning-threat except command on the ASA device.

Thanks and Regards,

Vibhor

View solution in original post

4 Replies 4

Go to solution
Vibhor Amrodia
Cisco Employee
Cisco Employee

‎03-01-2014 12:37 PM

Hi,

If you would like to stop the"drop rate- exceeded" messages for a specific host , that would not be possible on the ASA device. Depending on the configuration on the ASA device , if you have Scanning threat detecttion enabled and this server is being shunned , you would be able to exclude this host using threat-detection scanning-threat except command on the ASA device.

Thanks and Regards,

Vibhor

Go to solution
n.vd.coevering
Level 1
Level 1
In response to Vibhor Amrodia

‎03-02-2014 01:56 PM

Thanks Vibhor for confirming what I thought. We are still debating if we are going to enable shunning.

0 Helpful

Go to solution
INGENIERIA Y CONSULTORIAS WEBREDES LTDA
Level 1
Level 1
In response to n.vd.coevering

‎03-03-2014 09:47 AM

but you could enable shunning and disable shun for the zabix host, why not test this behavior ???

had a great day . best regards, and rate if you'll find this post useful
0 Helpful

Go to solution
n.vd.coevering
Level 1
Level 1
In response to INGENIERIA Y CONSULTORIAS WEBREDES LTDA

‎03-04-2014 02:49 AM

Yes, this is possible. But after enabling shunning and excluding the host, warning messages still keep appearing for his host.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card