Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
642
Views
0
Helpful
1
Replies

Firepower Dynamic State block IP

raymondluis13
Level 1
Level 1

‎10-09-2022 11:16 PM

Hi, 

So i want to prevent DoS attack to my server. To do that on firepower, i can use dynamic state rules to block traffic if frequency has been reach. The problem is, i can only block traffic and not the user. So if the user try to do DoS on my server again, they can do it. 

Is there a way to make Firepower action to block IP address instead of traffics?

RL
0 Helpful
1 Reply 1

Arunkumar Sathasivam
Cisco Employee
Cisco Employee

‎11-14-2022 12:37 AM

Hi Raymondluis,

 

In DoS Attack Firepower basically prevents TCP & UDP Connections. In dynamic state rule there is option CONNECTION PER CLIENT so you can set a threshold per client based. Then, there is another option CONNECTION TIMEOUT where you can override a Global Platform setting for Connection timeouts, here you can set time limit in Sec/Min/hourly based connection timeout  As you said,  if any attacker is trying to attack after timeouts or after connection threshold reduce. Then attacker can generate attacks  as well against destination.

 

As you want to block the source IP, you can write separate ACP rule to block the Attacker IP manually. Below are the URL's for Threat Defense service policy 

 

https://www.cisco.com/c/en/us/td/docs/security/firepower/660/configuration/guide/fpmc-config-guide-v66/threat_defense_service_policies.html#id_71090

https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/threat_defense_service_policies.html

 

-----------------------------------------
If you find my reply solved your question or issue, kindly click the 'Accept as Solution' button and vote it as helpful.

You can also learn more about Cisco Secure Firewall (formerly known as NGFW) through our live Ask the Experts (ATXs) session. Check out Cisco Network Security ATXs Resources [https://community.cisco.com/t5/security-knowledge-base/cisco-network-security-ask-the-experts-resources/ta-p/4416493] to view the latest schedule for upcoming sessions, as well as the useful references, e.g. online guides, FAQs.
-----------------------------------------

 

Regards

Arunkumar

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card
Top