Contributor

Are there any IP DENY velocity-type rules on an ASA 5525-X firewall?

Hello,

Currently we have a network-object group BLACKLIST. In this list is a bunch of IPs that are trying to dictionary-attack one of our webservers. It has done a great deal by cutting traffic down by half, but it's not completely stopped. Our web application vendor is asking if our firewall (ASA 5525-X) has any velocity-type rules. What they are seeing is that when the botnet moves on to a new IP address, they hit the server 1000 times a minute. Is there any dynamic way to keep the blacklist that we have tied to the deny statements updated automatically, based on more than x hits in one minute from the same IP?

Thanks!

Cisco Employee

I believe what your vendor is asking you to configure is threat detection, or maybe setting the maximum connection counts.

Kindly go through the following documents:

https://www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/firewall/asa-96-firewall-config/conns-threat.html

https://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/conns_connlimits.html

Hope that helps, do rate helpful posts.

Chakshu
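For readers who want to see what the two features named in the reply look like on an ASA 9.x CLI, here is an added configuration sketch that is not part of the original post or the linked Cisco documents; the object name, interface name, addresses (RFC 5737 documentation ranges) and every threshold are constructed placeholders that have to be tuned to the real server and its normal traffic.

```text
! Added illustration, not from the post or the linked documents. Names,
! addresses and thresholds below are constructed and must be tuned.
!
! --- 1. Connection limits via the Modular Policy Framework ---
! Caps how many TCP connections one source may hold toward the web
! server, so a single botnet node cannot open hundreds at once.
object network WEBSERVER
 host 203.0.113.10
access-list WEB_LIMITS extended permit tcp any object WEBSERVER eq 443
access-list WEB_LIMITS extended permit tcp any object WEBSERVER eq 80
class-map WEB_CONNS
 match access-list WEB_LIMITS
policy-map OUTSIDE_POLICY
 class WEB_CONNS
  ! total and half-open ceilings protect the server as a whole
  set connection conn-max 2000 embryonic-conn-max 500
  ! per-source ceilings are what slow down one attacking IP
  set connection per-client-max 20 per-client-embryonic-max 10
  ! expire half-open connections quickly so they do not hold slots
  set connection timeout embryonic 0:00:20
service-policy OUTSIDE_POLICY interface outside
!
! --- 2. Scanning threat detection with automatic shun ---
! Sources whose connection-attempt rate crosses the thresholds are
! shunned for the given duration, with no manual blacklist edits.
threat-detection basic-threat
threat-detection scanning-threat shun except ip-address 198.51.100.0 255.255.255.0
threat-detection scanning-threat shun duration 3600
! rate-interval is seconds; average-rate and burst-rate are events/second
threat-detection rate scanning-threat rate-interval 600 average-rate 5 burst-rate 10
threat-detection statistics host
!
! --- Verification ---
! show threat-detection scanning-threat attacker
! show threat-detection shun
! show service-policy interface outside
! show conn address 203.0.113.10
```

Both controls count TCP connections, not HTTP requests, so a client that reuses a keep-alive connection for many login attempts is only partly slowed by them; the application-layer "hits per minute" counting the vendor describes still belongs in the web tier or a WAF. The `except` clause keeps trusted ranges (monitoring, the vendor, your own offices) from being shunned by mistake.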