Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1249
Views
0
Helpful
1
Replies

Is there any IP DENY Velocity type rules on an ASA5525-X firewall?

keithsauer507
Level 5
Level 5

‎07-03-2020 09:13 AM

Hello,

Currently we have a network-object group BLACKLIST.  In this list is a bunch of IPs that are trying to dictionary attack one of our webservers.  It has done a great deal by cutting down traffic by half, but its not completely stopped.  Our web application vendor is asking if our firewall (ASA 5525-X) has any velocity type rules.  What they are seeing is when the botnet moves on to a new IP address, they hit the server 1000 times a minute.  Is there any dynamic way to keep the blacklist that we have tied to the deny statements updated automatically based on more than x hits in one minute from the same IP?

 

Thanks!

0 Helpful
1 Reply 1

Chakshu Piplani
Cisco Employee
Cisco Employee

‎07-04-2020 02:43 AM

I believe your vendor is asking you to configure is threat detection or may be setting the max connection counts.

 

Kindly go through the following documents:

 

https://www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/firewall/asa-96-firewall-config/conns-threat.html

 

https://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/conns_connlimits.html

 

Hope that helps, do rate helpful posts.

Chakshu

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card