Cisco ASR 5000

ACS Configuration Mode Commands
Command Line Interface Reference, StarOS Release 18

firewall port-scan 
This command allows you to configure Stateful Firewall’s Port Scan Detection algorithm. 
Product
 
PSF 
Privilege
 
Security Administrator, Administrator 
Mode
 
Exec > ACS Configuration 
active-charging service service_name
 
Entering the above command sequence results in the following prompt: 
[local]host_name(config-acs)# 
Syntax
 
firewall port-scan { connection-attempt-success-percentage { non-scanner | scanner } percentage | inactivity-timeout inactivity_timeout | protocol { tcp | udp } response-timeout response_timeout | scanner-policy { block inactivity-timeout inactivity_timeout | log-only } }
 
default firewall port-scan { connection-attempt-success-percentage { non-scanner | scanner } | inactivity-timeout | protocol { tcp | udp } response-timeout | scanner-policy }
 
default
 
Configures this command with its default setting. 
connection-attempt-success-percentage { non-scanner | scanner } percentage
 
Specifies the connection attempt success percentage. 
 
non-scanner: Specifies the connection attempt success percentage for a non-scanner. percentage must be an integer from 60 through 99. 
Default: 70% 
 
scanner: Specifies the connection attempt success percentage for a scanner. percentage must be an integer from 1 through 40. 
Default: 30% 
inactivity-timeout inactivity_timeout
 
Specifies the port scan inactivity timeout period, in seconds. inactivity_timeout must be an integer from 60 through 1800. 
Default: 300 seconds 
protocol { tcp | udp } response-timeout response_timeout
 
Specifies transport protocol and response-timeout period.