cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

813
Views
0
Helpful
1
Replies
Highlighted
Beginner

FPR4140 - FTD Configuring Rate-Based Attack Prevention

I am looking for some baseline config values for the Rate-Based Attack Prevention in Network Analysis Policy for a FTD in routed mode (Edge Firewall).   

Coming from an ASA, the configurable values are totally different on the FTD and does not translate over at all.

I've searched a bit and have not come up with anyone sharing these, I know is dependent on the environment, however, there's also be some sort of standard baseline.

Any assistance will be appreciated. 

1 REPLY 1
Highlighted
Cisco Employee

Hi,

 

The way we do rate-based detection is dependent on the pre-processor configured as part of Intrusion Policy.

 

Basic overview of the feature is available in the config guide:

https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Detecting_Specific_Threats.html#ID-2236-00000330

 

I hope this provides some guidance on the values to be configured.

Content for Community-Ad