59-9
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 59 Configuring the Botnet Traffic Filter
Configuring the Botnet Traffic Filter
c. Click Purge Botnet Database.
d. To redownload the database, re-check the Use Botnet data dynamically downloaded from
updater server check box.
e. Click Apply.
Note The Fetch Botnet Database button is for testing purposes only; it downloads and verifies the dynamic
database, but does not store it in running memory.
For information about the Search Dynamic Database area, see the “Searching the Dynamic Database”
section on page 59-14.
What to Do Next
See the “Adding Entries to the Static Database” section on page 59-9.
Adding Entries to the Static Database
The static database lets you augment the dynamic database with domain names or IP addresses that you
want to blacklist or whitelist. Static blacklist entries are always designated with a Very High threat level.
See the “Information About the Static Database” section on page 59-4 for more information.
Prerequisites
• In multiple context mode, perform this procedure in the context execution space.
• Enable ASA use of a DNS server in the Device Management > DNS > DNS Client > DNS Lookup
area. In multiple context mode, enable DNS per context.
Detailed Steps
Step 1 Choose the Configuration > Firewall > Botnet Traffic Filter > Black or White List pane, click Add
for the Whitelist or Blacklist.
The Enter hostname or IP Address dialog box appears.
Step 2 In the Addresses field, enter one or more domain names, IP addresses, and IP address/netmasks.
Enter multiple entries separated by commas, spaces, lines, or semi-colons. You can enter up to 1000
entries for each type.
Step 3 Click OK.
Step 4 Click Apply.
What to Do Next
See the “Enabling DNS Snooping” section on page 59-10.