Cisco Systems ASA 5580 Webcam User Manual


 
26-12
Cisco ASA Series Firewall ASDM Configuration Guide
Chapter 26 Configuring the Botnet Traffic Filter
Configuring the Botnet Traffic Filter
Note We highly recommend using the default setting unless you have strong reasons for changing
the setting.
Value—Specify the threat level you want to drop:
Very Low
Low
Moderate
High
Very High
Note Static blacklist entries are always designated with a Very High threat level.
Range—Specify a range of threat levels.
d. In the ACL Used area, from the ACL Used drop-down list choose either --ALL TRAFFIC-- (the
default), or any ACL configured on the ASA.
Note Be sure the ACL is a subset of the traffic you specified in the Traffic Classification area.
To add or edit ACLs, click Manage to bring up the ACL Manager. See the “Adding ACLs and ACEs”
section on page 21-2 in the general operations configuration guide for more information.
e. Click OK.
You return to the Traffic Settings pane.
f. If you want to apply additional rules to a given interface, repeat steps a through e.
Make sure you do not specify overlapping traffic in multiple rules for a given interface. Because you
cannot control the exact order that rules are matched, overlapping traffic means you do not know
which command will be matched. For example, do not specify both a rule that matches --ALL
TRAFFIC-- as well as a command with and ACL for a given interface. In this case, the traffic might
never match the command with the ACL. Similarly, if you specify multiple commands with ACLs,
make sure each ACL is unique, and that the networks do not overlap.
Step 5 Click Apply.
Blocking Botnet Traffic Manually
If you choose not to block malware traffic automatically (see the “Enabling Traffic Classification and
Actions for the Botnet Traffic Filter” section on page 26-10), you can block traffic manually by
configuring an access rule to deny traffic, or by using the shun command in the Command Line Interface
tool to block all traffic to and from a host. For some messages, you can automatically configure access
rules in ASDM.