Help: firewall capacity expansion for DDoS protection

castleju1
Level 1

I have to expand firewall capacity (max sessions) for DDoS protection.

In my opinion, the firewall is vulnerable to a session-based attack (like HTTP GET flooding).

For DDoS protection, I am considering three items:
1. remove the L4 in front of the firewall (like a firewall load balancer)
2. firewall active/active (multiple context is not used; the Cisco engineer does not recommend it)
3. distributed traffic

Four kinds of technology:
- L3-based load balancing (traffic distribution using L3)
- source IP based routing (PBR)
- switch stack
- DNS load balancing

I attached a file (current firewall & network architecture and the new architecture).

I have a few questions:
1. Is the new network architecture possible?
2. Is it one of the best practices or a normal architecture?
3. Are there any references?
4. Any additional issues?

Thanks


Parminder Sian
Level 1

Hi KS,


Please have a look at the following doc:


ASA/PIX 7.x and Later: Mitigating the Network Attacks

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00809763ea.shtml


You don't need to change your setup to mitigate attacks like DDoS. In this doc you will find configuration related to tweaking the maximum connection or embryonic connection limits for port 80 (HTTP).


Hope this helps.


Regards,

Parminder Sian
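As an added example, not taken from this thread or from the linked Cisco document, this is the shape of the ASA Modular Policy Framework configuration that document describes: per-class connection and embryonic (half-open) limits for the protected web server. The server address 203.0.113.10, the ACL name WEB_HTTP and the class name WEB_HTTP_CLASS are hypothetical; the numeric limits are placeholders to size against the server's real capacity.

```cisco
! Added example (hypothetical names and address), not the thread's or Cisco's own config.
!
! --- Weak: the default global policy applies inspection but no per-class
! --- connection limits, so one flood can fill the whole session table.
! policy-map global_policy
!  class inspection_default
!   inspect http
!
! --- Hardened: cap total and half-open TCP sessions to the web server, and
! --- cap each client so a single source cannot exhaust the session table.
access-list WEB_HTTP extended permit tcp any host 203.0.113.10 eq www

class-map WEB_HTTP_CLASS
 match access-list WEB_HTTP

policy-map global_policy
 class WEB_HTTP_CLASS
  ! conn-max: total established sessions allowed to this server
  ! embryonic-conn-max: total half-open sessions; once reached the ASA
  !   answers new SYNs itself (TCP intercept) instead of passing them through
  ! per-client-*: the same limits per source IP, which is what matters for
  !   session-based floods such as HTTP GET flooding from a small set of hosts
  set connection conn-max 10000 embryonic-conn-max 2000 per-client-max 200 per-client-embryonic-max 20
  ! tear down stale half-open sessions sooner than the 30 s default
  set connection timeout embryonic 0:00:20

service-policy global_policy global
```

After applying it, `show service-policy` shows the per-class connection counters and drops, and `show conn count` shows how close the session table is to its limit during an event.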
