Cisco Systems ASA 5585-X Manual De Usuario
26-9
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 26 Configuring the Botnet Traffic Filter
Configuring the Botnet Traffic Filter
ciscoasa(config)# dynamic-filter use-database
What to Do Next
See the
Adding Entries to the Static Database
The static database lets you augment the dynamic database with domain names or IP addresses that you
want to blacklist or whitelist. Static blacklist entries are always designated with a Very High threat level.
See the
want to blacklist or whitelist. Static blacklist entries are always designated with a Very High threat level.
See the
for more information.
Prerequisites
•
In multiple context mode, perform this procedure in the context execution space.
•
Enable ASA use of a DNS server according to the
“Configuring the DNS Server” section on
page 13-13
in the general operations configuration guide.
Detailed Steps
Command
Purpose
Step 1
dynamic-filter blacklist
Example:
ciscoasa(config)# dynamic-filter blacklist
Edits the Botnet Traffic Filter blacklist.
Step 2
Enter one or both of the following:
name
domain_name
Example:
ciscoasa(config-llist)# name bad.example.com
Adds a name to the blacklist. You can enter this
command multiple times for multiple entries. You can
add up to 1000 blacklist entries.
command multiple times for multiple entries. You can
add up to 1000 blacklist entries.
address
ip_address mask
Example:
ciscoasa(config-llist)# address 10.1.1.1
255.255.255.255
Adds an IP address to the blacklist. You can enter this
command multiple times for multiple entries. The
mask can be for a single host or for a subnet.
command multiple times for multiple entries. The
mask can be for a single host or for a subnet.
Step 3
dynamic-filter whitelist
Example:
ciscoasa(config)# dynamic-filter whitelist
Edits the Botnet Traffic Filter whitelist.
Step 4
Enter one or both of the following: