Firepower DDOS attack prevention

doraz
Level 1

Hello,

I'm trying to use Firepower, on my ASA 5555-X with FirePOWER services, in order to protect against a DDoS attack.

I encountered the following DDoS attack:

A lot of global IP addresses sent HTTP connections to my inside web server. Firepower allowed all the traffic and my web server crashed.

I tried to enable rate-based attack prevention in the Network Analysis Policy without the drop checkbox, just for monitoring, but in the intrusion events I can see a lot of events even from my local network trying to access my web server in the DMZ. It looks like that feature will cause a lot of false-positive events.

In the rate-based settings, I configured the simultaneous-connection control with 350 connections...

What is the best way to gain protection from this kind of attack with the firepower?

BR,

Dor.

1 Reply

Claudiu Cismaru
Cisco Employee

First of all, how did you configure the tracking? Based on source or destination?

If you want the local network to not be checked against it, you should create another NAP without the rate-based preprocessor enabled and assign it only to your network, through a NAP rule. This way, the local traffic will not be checked.
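The two points raised in this thread (why the monitor-only rate-based check fires on the poster's own LAN users, and why the reply's first question about tracking by source versus destination matters) are easier to see in a small simulation. The following is an added example written for this page, not Cisco code and not the poster's configuration: it models the "simultaneous connections" check as a plain counter keyed by source or by destination, and models the reply's suggestion (a separate NAP without the preprocessor, assigned to the local network) as skipping connections whose source is in a local prefix. The IP addresses, the 350 threshold from the question, and the traffic mixes are constructed sample data.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed values: local prefixes that the second NAP (no rate-based
# preprocessor) would cover, and the 350-connection limit from the question.
LOCAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
THRESHOLD = 350
DMZ_WEB_SERVER = "203.0.113.10"  # constructed address for the web server


def is_local(ip: str) -> bool:
    """True if the address falls inside one of the local prefixes."""
    addr = ip_address(ip)
    return any(addr in net for net in LOCAL_NETS)


def rate_based_events(connections, track_by="destination", exempt_local=False):
    """Simplified model of a 'simultaneous connections' rate-based check.

    connections : list of (src_ip, dst_ip) pairs currently open
    track_by    : "destination" counts per server, "source" counts per client
    exempt_local: if True, connections from LOCAL_NETS are handled by a policy
                  without the preprocessor and are therefore never counted
    Returns the (key, count) pairs that exceed THRESHOLD, sorted by key.
    """
    counts = defaultdict(int)
    for src, dst in connections:
        if exempt_local and is_local(src):
            continue  # scoped out by the NAP rule for the local network
        key = dst if track_by == "destination" else src
        counts[key] += 1
    return sorted((k, n) for k, n in counts.items() if n > THRESHOLD)


def normal_day():
    """Constructed: 300 LAN users and 100 Internet clients, one connection each."""
    local = [(str(ip_address("10.0.0.1") + i), DMZ_WEB_SERVER) for i in range(300)]
    external = [(str(ip_address("198.18.0.1") + i), DMZ_WEB_SERVER) for i in range(100)]
    return local + external


def distributed_flood(n_sources=500):
    """Constructed: many distinct Internet addresses, one connection each,
    the pattern the poster describes."""
    return [(str(ip_address("198.18.0.1") + i), DMZ_WEB_SERVER) for i in range(n_sources)]


if __name__ == "__main__":
    day, flood = normal_day(), distributed_flood()
    # Destination tracking counts LAN users towards the server's total,
    # which is where the poster's false positives come from.
    print("normal day, by destination:", rate_based_events(day, "destination"))
    # Scoping the local network out with a second NAP removes them.
    print("normal day, by destination, local exempt:",
          rate_based_events(day, "destination", exempt_local=True))
    # Source tracking never fires here, but it also misses a distributed
    # flood in which each source opens only one connection.
    print("flood, by source:", rate_based_events(flood, "source"))
    print("flood, by destination, local exempt:",
          rate_based_events(flood, "destination", exempt_local=True))
```

The takeaway for a defender: tracking by destination is what catches a flood made up of many single-connection sources, so the fix for the LAN noise is not to switch to source tracking but to narrow where the destination check applies, exactly as the reply suggests. The real preprocessor also applies a time window and a per-rule timeout that this model leaves out.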
