27-5
Cisco ASDM User Guide
OL-16647-01
Chapter 27 Configuring Advanced Firewall Protection
Configuring Threat Detection
Caution Enabling statistics can affect the security appliance performance, depending on the type of statistics
enabled. Enabling statistics for hosts affects performance in a significant way; if you have a high traffic
load, you might consider enabling this type of statistics temporarily. Enabling statistics for ports,
however, has modest impact.
To enable all statistics, in the Configuration > Firewall > Threat Detection > Scanning Threat
Statistics area, click the Enable All Statistics radio button.
To disable all statistics, on the Configuration > Firewall > Threat Detection pane, click the Disable
All Statistics radio button.
To enable only certain statistics, on the Configuration > Firewall > Threat Detection > Scanning
Threat Statistics area, click the Enable Only Following Statistics radio button, and then check one
or more of the following check boxes:
- Hosts—Enables host statistics. The host statistics accumulate for as long as the host is active
  and in the scanning threat host database. The host is deleted from the database (and the statistics
  cleared) after 10 minutes of inactivity.
- Access Rules (enabled by default)—Enables statistics for access rules.
- Port—Enables statistics for TCP and UDP ports.
- Protocol—Enables statistics for non-TCP/UDP IP protocols.
- TCP-Intercept—Enables statistics for attacks intercepted by TCP Intercept (see the
  “Configuring Connection Settings” section on page 27-6 to enable TCP Intercept). After you
  check the TCP-Intercept option, you can set the following options in the Configuration >
  Firewall > Threat Detection > TCP Intercept Threat Detection area:
  - Monitoring Window Size—Sets the size of the history monitoring window, between 1 and 1440
    minutes. The default is 30 minutes. The security appliance samples the number of attacks 60
    times during the rate interval, so for the default 30 minute period, statistics are collected every
    60 seconds.
  - Burst Threshold Rate—Sets the threshold for syslog message generation, between 25 and
    2147483647. The default is 400 per second. When the burst rate is exceeded, syslog message
    733104 is generated.
  - Average Threshold Rate—Sets the average rate threshold for syslog message generation,
    between 25 and 2147483647. The default is 200 per second. When the average rate is exceeded,
    syslog message 733105 is generated.
  Click the Set Default button to restore the default values.
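To make the difference between the two TCP Intercept thresholds concrete, the following is an added Python model written for this guide; it is not Cisco code and does not claim to reproduce the appliance's internal implementation. It assumes a fixed sampling period (60 seconds) and averages a not-yet-full history window over the elapsed time, and the per-period attack counts it replays are constructed sample data.

```python
from collections import deque
from dataclasses import dataclass, field

# Syslog message IDs named in the guide for the two threshold events.
SYSLOG_BURST = 733104     # burst rate exceeded
SYSLOG_AVERAGE = 733105   # average rate exceeded


@dataclass
class TcpInterceptRateMonitor:
    """Model of a burst threshold plus an average threshold over a history window.

    rate_interval_sec: monitoring window size (guide default: 30 minutes).
    sample_period_sec: how often the attack counter is sampled (assumed: 60 s).
    burst_rate / average_rate: thresholds in attacks per second (guide defaults).
    """
    rate_interval_sec: int = 30 * 60
    sample_period_sec: int = 60
    burst_rate: int = 400
    average_rate: int = 200
    samples: deque = field(default_factory=deque)

    def record_sample(self, attacks_in_period: int) -> list[int]:
        """Feed one sampling period's intercepted-attack count; return syslog IDs fired."""
        self.samples.append(attacks_in_period)
        max_samples = self.rate_interval_sec // self.sample_period_sec
        while len(self.samples) > max_samples:
            self.samples.popleft()  # discard history older than the monitoring window
        fired = []
        # Burst rate looks only at the most recent sampling period.
        if attacks_in_period / self.sample_period_sec > self.burst_rate:
            fired.append(SYSLOG_BURST)
        # Average rate looks at the whole history window (assumption: a window that
        # is not yet full is averaged over the time elapsed so far).
        elapsed = len(self.samples) * self.sample_period_sec
        if sum(self.samples) / elapsed > self.average_rate:
            fired.append(SYSLOG_AVERAGE)
        return fired


def replay(counts, **kwargs) -> list[tuple[int, list[int]]]:
    """Replay constructed per-period attack counts; return (period index, IDs fired)."""
    mon = TcpInterceptRateMonitor(**kwargs)
    return [(i, mon.record_sample(c)) for i, c in enumerate(counts)]


if __name__ == "__main__":
    # Constructed data: a one-period spike (500/s) followed by sustained 300/s traffic.
    for period, ids in replay([6000, 6000, 30000, 18000, 18000, 18000],
                              rate_interval_sec=300, sample_period_sec=60):
        print(period, ids)
```

A short spike trips only the burst threshold, while a lower but sustained rate trips only the average threshold; this is why the guide lets you tune the two values independently.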
To set the number of rate intervals maintained for host statistics, on the Configuration > Firewall >
Threat Detection > Scanning Threat Statistics area, choose 1, 2, or 3 from the User can specify the
number of rate for Threat Detection Host drop-down list. Because host statistics use a lot of memory,
reducing the number of rate intervals from the default of 3 reduces the memory usage. By default,
the “Firewall Dashboard Tab” section on page 1-20 shows information for three rate intervals, for
example, for the last 1 hour, 8 hours, and 24 hours. If you set this value to 1, then only the shortest
rate interval statistics are maintained. If you set the value to 2, then the two shortest intervals are
maintained.