FTD2100 - DDOS Protection

Fantas
Level 1

Hi,

How will I know that my FTD is protecting me from DDOS-type attacks? Where can I find whether this protection is enabled?

How can FirePOWER protect us from DDOS-type attacks, and if it's not set up, where can I start implementing it?

5 Replies

Marvin Rhoads
Hall of Fame

DDOS is as much about flooding your Internet link with traffic as it is hitting your actual systems with malicious traffic. A Firepower 2000 series appliance cannot do anything about the former type of attack. It will restrict traffic to your internal network via the standard access control policy rules you have in place.

Thanks.

As you know, we can verify the threat detection settings on ASA to see what's restricted to mitigate such DDOS attacks.

Is there any way I can verify the same setting on FMC and push it to the FTDs if it's not set up properly?

Marvin Rhoads
Hall of Fame

The equivalent in FTD is known as rate-based attack prevention. Details on configuring it in FMC can be found here:

https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/detecting_specific_threats.html#ID-2236-00000386

The feature requires FMC and is not available with local management (FDM).

Thanks Marvin,

Yes, it's clear. I also checked with TAC, and we don't have a threat defense policy configured on FMC, i.e. required for DOS-type attacks.

Marvin Rhoads
Hall of Fame

You're welcome. Please rate my answer if it helped.
