cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
270
Views
0
Helpful
2
Replies

FTD 3140 series DOS Protection Features

Joseph Samuela
Level 1
Level 1

Hello  @Marvin Rhoads and Cisco Tech Community

hope this email finds you well

appreciate if you could please confirm below for me 

I am trying to find features of DOS protection on FTD model 3140  should my ISP link be flooded by threat Actor attacking through volume, application, network, and service traffic 

can please advise does this

hardware model (FTD 3140)  and software license ( Essentials, IPS, Malware, URL, Security Client Premier) have below

 a) feature set that has Dos protection and only need license to activate it 

 b) or can i integrate DOS snort Rule Set  into the appliance using snort version 2 or 3 

c) or is there a 3rd Party Software  like radware integration in 4100 series that only needs a Operating System version upgrade for it to be included

 

Thanks

Joseph

 

 

 

 

1 Accepted Solution

Accepted Solutions

Marvin Rhoads
Hall of Fame
Hall of Fame

As of now, Radware integration (as a "decorator" application) is only available on the 4100/4200/9300 series of Cisco Secure firewalls. There's no true DDOS (Distributed Denial of Service) otherwise available on the Cisco Secure Firewall platforms. There is some limited protection against port scans and such but that's not really DDOS. DDOS protection is usually better handled via service from your service provider or other third party.

View solution in original post

2 Replies 2

Marvin Rhoads
Hall of Fame
Hall of Fame

As of now, Radware integration (as a "decorator" application) is only available on the 4100/4200/9300 series of Cisco Secure firewalls. There's no true DDOS (Distributed Denial of Service) otherwise available on the Cisco Secure Firewall platforms. There is some limited protection against port scans and such but that's not really DDOS. DDOS protection is usually better handled via service from your service provider or other third party.

Thanks for your assistance and confirmation Marvin, indeed was reading up on GateKeeper and best DDos Strategy is furtherest from the target network via internet exchange points....as when it hits the interface of the target network its too late

thanks again Marvin

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Review Cisco Networking products for a $25 gift card