27-4
Cisco ASA Series Firewall CLI Configuration Guide
 
Chapter 27 Configuring Threat Detection
Configuring Basic Threat Detection Statistics
This section describes how to configure basic threat detection statistics, including enabling or disabling it and changing the default limits.
Table 27-1 Basic Threat Detection Default Settings (continued)

Packet Drop Reason                   | Trigger Settings: Average Rate             | Trigger Settings: Burst Rate
-------------------------------------|--------------------------------------------|-----------------------------------------------
Denial by ACLs                       | 400 drops/sec over the last 600 seconds.   | 800 drops/sec over the last 20 second period.
                                     | 320 drops/sec over the last 3600 seconds.  | 640 drops/sec over the last 120 second period.
Basic firewall checks failed;        | 400 drops/sec over the last 600 seconds.   | 1600 drops/sec over the last 20 second period.
packets failed application inspection| 320 drops/sec over the last 3600 seconds.  | 1280 drops/sec over the last 120 second period.
Interface overload                   | 2000 drops/sec over the last 600 seconds.  | 8000 drops/sec over the last 20 second period.
                                     | 1600 drops/sec over the last 3600 seconds. | 6400 drops/sec over the last 120 second period.

Detailed Steps

Command | Purpose
Step 1
Command:
  threat-detection basic-threat
Example:
  ciscoasa(config)# threat-detection basic-threat
Purpose:
  Enables basic threat detection statistics (if you previously disabled it). Basic threat detection is enabled by default.

Step 2
Command:
  threat-detection rate {acl-drop | bad-packet-drop | conn-limit-drop | dos-drop | fw-drop | icmp-drop | inspect-drop | interface-drop | scanning-threat | syn-attack} rate-interval rate_interval average-rate av_rate burst-rate burst_rate
Example:
  ciscoasa(config)# threat-detection rate dos-drop rate-interval 600 average-rate 60 burst-rate 100
Purpose:
  (Optional) Changes the default settings for one or more types of event.
  For a description of each event type, see the
  When you use this command with the scanning-threat keyword, it is also used in the scanning threat detection feature (see the section). If you do not configure basic threat detection, you can still use this command with the scanning-threat keyword to configure the rate limits for scanning threat detection.
  You can configure up to three different rate intervals for each event type.
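As an added illustration that is not part of the Cisco guide, the Python below replays a per-second series of drop counts against the Table 27-1 defaults the way the average-rate and burst-rate triggers are described, so the effect of a rate-interval / average-rate / burst-rate setting can be checked before it is applied. The burst-window rule (1/30 of the rate interval, minimum 10 s) and the mapping of table rows to command keywords are assumptions made here.

```python
from collections import deque

# Default trigger settings from Table 27-1 for the rows shown on this page,
# keyed by the threat-detection rate keyword assumed to match each drop reason
# (acl-drop = ACL denials, fw-drop = basic firewall checks, inspect-drop =
# application inspection, interface-drop = interface overload).
# Each tuple: (rate_interval in seconds, average_rate, burst_rate) in drops/sec.
DEFAULTS = {
    "acl-drop":       [(600, 400, 800), (3600, 320, 640)],
    "fw-drop":        [(600, 400, 1600), (3600, 320, 1280)],
    "inspect-drop":   [(600, 400, 1600), (3600, 320, 1280)],
    "interface-drop": [(600, 2000, 8000), (3600, 1600, 6400)],
}

def burst_interval(rate_interval):
    # Assumption: the burst window is 1/30 of the rate interval, never below
    # 10 s, which reproduces the 600 s -> 20 s and 3600 s -> 120 s pairs above.
    return max(rate_interval // 30, 10)

def evaluate(drops_per_sec, rate_interval, average_rate, burst_rate):
    """Replay a per-second drop series; return (second, trigger) for every
    second at which the average-rate or burst-rate threshold is exceeded."""
    b_int = burst_interval(rate_interval)
    avg_win, burst_win = deque(), deque()
    avg_sum = burst_sum = 0
    alerts = []
    for t, drops in enumerate(drops_per_sec):
        avg_win.append(drops); avg_sum += drops
        burst_win.append(drops); burst_sum += drops
        if len(avg_win) > rate_interval:      # slide the average window
            avg_sum -= avg_win.popleft()
        if len(burst_win) > b_int:            # slide the burst window
            burst_sum -= burst_win.popleft()
        # A rate is only compared once its window holds a full interval.
        if len(avg_win) == rate_interval and avg_sum / rate_interval > average_rate:
            alerts.append((t, "average"))
        if len(burst_win) == b_int and burst_sum / b_int > burst_rate:
            alerts.append((t, "burst"))
    return alerts

def check_defaults(event, drops_per_sec):
    """Run every default interval configured for an event type."""
    return {ri: evaluate(drops_per_sec, ri, avg, burst)
            for ri, avg, burst in DEFAULTS[event]}

# Constructed sample: 30 s of background ACL drops, then 25 s at 1000 drops/s.
# The 20 s burst window first exceeds 800 drops/s at t=45; the 600 s average
# window never fills in so short a trace, and the 3600 s pair stays quiet.
SAMPLE = [5] * 30 + [1000] * 25
```

Running `check_defaults("acl-drop", SAMPLE)` shows why a short spike is caught only by the burst trigger, while a sustained rate just above 400 drops/sec for a full 600 s is caught only by the average trigger.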