Cisco ASA Series Firewall ASDM Configuration Guide
Chapter 27 Configuring Threat Detection
Configuring Scanning Threat Detection
Default Settings
Table 27-4 lists the default rate limits for scanning threat detection.
The burst rate is calculated as the average rate every N seconds, where N is the burst rate interval. The
burst rate interval is 1/30th of the rate interval or 10 seconds, whichever is larger.
Configuring Scanning Threat Detection
Detailed Steps
Step 1 Choose the Configuration > Firewall > Threat Detection pane, and check the Enable Scanning
Threat Detection check box.
Step 2 (Optional) To automatically terminate a host connection when the ASA identifies the host as an attacker,
check the Shun Hosts detected by scanning threat check box.
Step 3 (Optional) To exempt host IP addresses from being shunned, enter an address in the Networks excluded
from shun field.
You can enter multiple addresses or subnets separated by commas. To choose a network from the list of
IP address objects, click the ... button.
Step 4 (Optional) To set the duration of a shun for an attacking host, check the Set Shun Duration check box
and enter a value between 10 and 2592000 seconds. The default length is 3600 seconds (1 hour). To
restore the default value, click Set Default.
Table 27-4 Default Rate Limits for Scanning Threat Detection
Average Rate                            | Burst Rate
5 drops/sec over the last 600 seconds.  | 10 drops/sec over the last 20 second period.
5 drops/sec over the last 3600 seconds. | 10 drops/sec over the last 120 second period.
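The following Python sketch is an added example, not Cisco code. It models how the Table 27-4 defaults, the burst rate interval rule, and the shun options in Steps 2 through 4 fit together, with shunning enabled. The function names, the sliding-window counting, the "strictly greater than the limit" comparison, and the sample drop times are assumptions made for illustration; the ASA's internal accounting may differ.

```python
import ipaddress

# Default limits from Table 27-4: (rate interval s, average drops/s, burst drops/s)
DEFAULT_LIMITS = [(600, 5, 10), (3600, 5, 10)]
SHUN_MIN, SHUN_MAX, SHUN_DEFAULT = 10, 2592000, 3600  # seconds, from Step 4


def burst_interval(rate_interval):
    """Burst rate interval: 1/30th of the rate interval or 10 s, whichever is larger."""
    return max(rate_interval // 30, 10)


def rate(drop_times, now, window):
    """Drops per second over the window ending at `now` (assumed sliding window)."""
    return sum(1 for t in drop_times if now - window < t <= now) / window


def exceeded_limits(drop_times, now, limits=DEFAULT_LIMITS):
    """Return the (kind, rate_interval) pairs whose limit the host exceeds."""
    hits = []
    for interval, avg_limit, burst_limit in limits:
        if rate(drop_times, now, interval) > avg_limit:
            hits.append(("average", interval))
        if rate(drop_times, now, burst_interval(interval)) > burst_limit:
            hits.append(("burst", interval))
    return hits


def parse_exclusions(field):
    """Parse the comma-separated addresses or subnets entered in Step 3."""
    return [ipaddress.ip_network(p.strip(), strict=False) for p in field.split(",") if p.strip()]


def shun_decision(host, drop_times, now, excluded="", duration=SHUN_DEFAULT):
    """Return the shun duration in seconds, or None if the host is not shunned."""
    if not SHUN_MIN <= duration <= SHUN_MAX:
        raise ValueError("shun duration must be between 10 and 2592000 seconds")
    if not exceeded_limits(drop_times, now):
        return None
    addr = ipaddress.ip_address(host)
    if any(addr in net for net in parse_exclusions(excluded)):
        return None  # host is in "Networks excluded from shun"
    return duration


# Constructed sample: about 15 drops/s for 20 s, starting at t = 1000.
SAMPLE_DROPS = [1000 + i / 15 for i in range(300)]
```

With the constructed sample, only the 20-second burst limit is exceeded: the same 300 drops average well under 5 drops/sec over 600 or 3600 seconds, which is why a short scan trips the burst rate before the average rate.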