26-8
Cisco ASA Series Firewall ASDM Configuration Guide
Chapter 26 Configuring the Botnet Traffic Filter
Configuring the Botnet Traffic Filter
Configuring the Dynamic Database
This procedure enables database updates, and also enables use of the downloaded dynamic database by
the ASA. In multiple context mode, the system downloads the database for all contexts using the admin
context interface. You can configure use of the database on a per-context basis.
By default, downloading and using the dynamic database is disabled.
Prerequisites
Enable ASA use of a DNS server in the Device Management > DNS > DNS Client > DNS Lookup area.
In multiple context mode, the system downloads the database for all contexts using the admin context
interface; be sure to identify a DNS server in the admin context.
Detailed Steps
Step 1 Enable downloading of the dynamic database.
• In Single mode, choose the Configuration > Firewall > Botnet Traffic Filter > Botnet Database
pane, then check the Enable Botnet Updater Client check box.
• In multiple context mode in the System execution space, choose the Configuration > Device
Management > Botnet Database pane, then check the Enable Botnet Updater Client check box.
This setting enables downloading of the dynamic database from the Cisco update server. In multiple
context mode, enter this command in the system execution space. If you do not have a database already
installed on the ASA, it downloads the database after approximately 2 minutes. The update server
determines how often the ASA polls the server for future updates, typically every hour.
Step 2 (Multiple context mode only) In multiple context mode, click Apply. Then change to the context where
you want to configure the Botnet Traffic Filter by double-clicking the context name in the Device List.
Step 3 In the Configuration > Firewall > Botnet Traffic Filter > Botnet Database > Dynamic Database
Configuration area, check the Use Botnet data dynamically downloaded from updater server check
box.
Step 4 Click Apply.
Step 5 (Optional) If you want to later remove the database from running memory, perform the following steps:
a. Disable use of the database by unchecking the Use Botnet data dynamically downloaded from
updater server check box.
b. Click Apply.
c. Click Purge Botnet Database.
d. To redownload the database, re-check the Use Botnet data dynamically downloaded from
updater server check box.
e. Click Apply.
Note The Fetch Botnet Database button is for testing purposes only; it downloads and verifies the dynamic
database, but does not store it in running memory.
For information about the Search Dynamic Database area, see the “Searching the Dynamic Database”