26-6
Cisco ASA Series Firewall ASDM Configuration Guide
Chapter 26 Configuring the Botnet Traffic Filter
Licensing Requirements for the Botnet Traffic Filter
Licensing Requirements for the Botnet Traffic Filter
The following table shows the licensing requirements for this feature:
Prerequisites for the Botnet Traffic Filter
To use the dynamic database, identify a DNS server for the ASA so that it can access the Cisco update
server URL. In multiple context mode, the system downloads the database for all contexts using the
admin context interface; be sure to identify a DNS server in the admin context.
Guidelines and Limitations
This section includes the guidelines and limitations for this feature.
Context Mode Guidelines
Supported in single and multiple context mode.
Firewall Mode Guidelines
Supported in routed and transparent firewall mode.
Failover Guidelines
Does not support replication of the DNS reverse lookup cache, DNS host cache, or the dynamic database
in Stateful Failover.
IPv6 Guidelines
Does not support IPv6.
Additional Guidelines and Limitations
• TCP DNS traffic is not supported.
• You can add up to 1000 blacklist entries and 1000 whitelist entries in the static database.
• The packet tracer is not supported.
Default Settings
By default, the Botnet Traffic Filter is disabled, as is use of the dynamic database.
For DNS inspection, which is enabled by default, Botnet Traffic Filter snooping is disabled by default.
Model License Requirement
All models You need the following licenses:
• Botnet Traffic Filter License.
• Strong Encryption (3DES/AES) License to download the dynamic database.