59-6
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 59 Configuring the Botnet Traffic Filter
Licensing Requirements for the Botnet Traffic Filter
Figure 59-2 shows how the Botnet Traffic Filter works with the static database.
Figure 59-2 How the Botnet Traffic Filter Works with the Static Database
Licensing Requirements for the Botnet Traffic Filter
The following table shows the licensing requirements for this feature:
Guidelines and Limitations
This section includes the guidelines and limitations for this feature.
Context Mode Guidelines
Supported in single and multiple context mode.
Firewall Mode Guidelines
Supported in routed and transparent firewall mode.
Failover Guidelines
Does not support replication of the DNS reverse lookup cache, DNS host cache, or the dynamic database
in Stateful Failover.
Security Appliance
DNS
Host Cache
Infected
Host
Malware Home Site
209.165.201.3
Syslog Server
Static
Database
DNS Server
Botnet Traffic
Filter
3
Connection to:
209.165.201.3
1a. DNS Request:
bad.example.com
Internet
3b. Send
Syslog Message/Drop Traffic
2a. Add
1
Add entry:
bad.example.com
2
DNS Reply:
209.165.201.3
3a. Match?
248632
Model License Requirement
All models You need the following licenses:
• Botnet Traffic Filter License.
• Strong Encryption (3DES/AES) License to download the dynamic database.