01-14-2014 02:47 AM - edited 03-11-2019 08:29 PM
Hi, I'm new, just registered.
I need to know what kind of Cisco ASA I should buy for my company. I need to use response rate limiting to limit DNS requests on my DNS server.
If you can help me, I'll be very grateful.
01-16-2014 06:49 AM
Nobody can help me?
01-16-2014 08:51 AM
Recent versions of ISC BIND can rate-limit their responses themselves; Cisco ASA software can police packet flow rates but it's not their primary function. If the only thing you want is rate-limiting, I wouldn't bother with the ASA. If you need actual firewall, NAT, or IPS functionality, the ASA becomes useful.
To size an ASA, you'd need to know what kind of traffic rates you need to support, and what kind of inspections you plan to do. Cisco has some published packet and throughput data at e.g.
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/qa_c67-700608.html
In my own experience, simple firewall configurations and test traffic will at least meet and often exceed Cisco's guidance.
Personally, I'm using ASA 5525-x devices to support ~350 users on gigabit fiber uplinks averaging about 6kps, mixed sizes with good results. With the older 5520's I was dropping packets during peak traffic surges to full line rates.
-- Jim Leinweber, WI State Lab of Hygiene
01-17-2014 02:47 AM
Thank you for the reply, James.
Actually, in my company I have a Kerio firewall. The problem arose when we exposed our DNS server to the Internet; it works as a public DNS server, but when we open port 53 our bandwidth becomes saturated.
I thought that we need something that manages DNS requests, so as to prevent the same IP from making many requests in a short time.
BIND, if I'm not mistaken, is a Linux-based DNS server, but we already had a DNS server exposed... Windows.
Couldn't choosing an ASA help me?
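The thread asks for a way to stop one source from drawing many responses in a short time, and the reply points to response rate limiting in the DNS server itself. The following is an added example, not part of the thread and not BIND's or Cisco's code: a simplified token-bucket model of that idea, keyed on client /24 prefix plus query name, with every second limited response sent truncated so a genuine client can retry over TCP. All names, parameters and the sample traffic are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

class ResponseRateLimiter:
    """Simplified model of DNS response rate limiting (hypothetical, not BIND's code)."""

    def __init__(self, responses_per_second=5, prefix_len=24, slip=2):
        self.rate = responses_per_second
        self.prefix_len = prefix_len      # clients are grouped by this prefix length
        self.slip = slip                  # every slip-th limited response is truncated
        self.buckets = {}                 # key -> (tokens, time of last query)
        self.limited = defaultdict(int)   # key -> number of rate-limited responses

    def decide(self, now, client_ip, qname):
        """Return 'answer', 'truncate' (TC=1, client retries over TCP) or 'drop'."""
        net = ipaddress.ip_network(f"{client_ip}/{self.prefix_len}", strict=False)
        key = (net, qname.lower())
        tokens, last = self.buckets.get(key, (float(self.rate), now))
        # Refill at `rate` tokens per second, never above a one-second burst.
        tokens = min(float(self.rate), tokens + (now - last) * self.rate)
        if tokens >= 1.0:
            self.buckets[key] = (tokens - 1.0, now)
            return "answer"
        self.buckets[key] = (tokens, now)
        self.limited[key] += 1
        if self.slip and self.limited[key] % self.slip == 0:
            return "truncate"
        return "drop"

def replay(queries, **kwargs):
    """Run (time, client_ip, qname) tuples through a limiter; tally decisions per client."""
    rrl = ResponseRateLimiter(**kwargs)
    tally = defaultdict(lambda: defaultdict(int))
    for now, ip, qname in queries:
        tally[ip][rrl.decide(now, ip, qname)] += 1
    return {ip: dict(counts) for ip, counts in tally.items()}

# Constructed sample traffic: one source repeats the same query 200 times within
# one second; a normal client asks for three different names once each.
FLOOD = [(i / 200.0, "198.51.100.7", "example.com") for i in range(200)]
NORMAL = [(0.1, "192.0.2.10", "www.example.org"),
          (0.4, "192.0.2.10", "mail.example.org"),
          (0.9, "192.0.2.10", "example.org")]
SAMPLE = sorted(FLOOD + NORMAL)

if __name__ == "__main__":
    for ip, counts in replay(SAMPLE).items():
        print(ip, counts)
```

With the default settings the repeating source receives 9 full answers out of 200 queries, while the normal client is answered every time.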