Cisco Firepower 4110 Security Appliance
Table 96: DNS Protection Profile: Query Protections and Quotas Parameters

Radware recommends that you initially leave these fields empty so that the default values will automatically be used. To view default values after creating the profile, double-click the entry in the table. You can then adjust quota values based on your network performance.

Note: The total quota values may exceed 100%, as each value represents the maximum volume per protocol.

| Parameter | Description |
|---|---|
| A Query, MX Query, PTR Query, AAAA Query, Text Query, SOA Query, NAPTR Query, SRV Query, Other Queries | For each DNS query type to protect, specify the quota—the maximum expected percentage of DNS traffic out of the total DNS traffic—and select the checkbox in the row. |
| Get Default Quotas | Configures all the quotas with the hard-coded default values after you have specified the Expected DNS Query Rate. |
| Expected DNS Query Rate | The expected rate, in queries per second, of DNS queries. |

Table 97: DNS Protection Profile: Manual Triggers Parameters

| Parameter | Description |
|---|---|
| Use Manual Triggers | Specifies whether the profile uses user-defined DNS QPS thresholds instead of the learned baselines.<br>Default: Disabled |
| Activation Threshold | The number of total queries per second, per protected destination network—after the specified Activation Period—above which, DefensePro considers there to be an ongoing attack.<br>When DefensePro detects an attack, it starts challenging all sources. Above the specified Max QPS (see below), DefensePro limits the rate of total QPS towards the protected network.<br>Values: 0–4,000,000<br>Default: 0 |
| Activation Period | The number of consecutive seconds that the DNS traffic on a single connection exceeds the Activation Threshold that causes DefensePro to consider there to be an attack.<br>Values: 1–30<br>Default: 3 |

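
The Activation Threshold and Activation Period rule from Table 97, modeled as an added Python example (not Radware or Cisco code) that replays per-second QPS totals so you can see when a candidate manual trigger would fire and how long benign bursts last. The function names, the constructed sample series, and the reading of "above" as strictly greater than are assumptions.

```python
from dataclasses import dataclass

# Value ranges as documented in Table 97.
THRESHOLD_RANGE = (0, 4_000_000)   # Activation Threshold, total QPS
PERIOD_RANGE = (1, 30)             # Activation Period, consecutive seconds

@dataclass(frozen=True)
class ManualTrigger:
    activation_threshold: int      # total QPS per protected destination network
    activation_period: int = 3     # documented default is 3 seconds

    def __post_init__(self):
        for name, value, (lo, hi) in (
            ("Activation Threshold", self.activation_threshold, THRESHOLD_RANGE),
            ("Activation Period", self.activation_period, PERIOD_RANGE),
        ):
            if not lo <= value <= hi:
                raise ValueError(f"{name} must be within {lo}-{hi}, got {value}")

def first_activation(trigger, qps_per_second):
    """Return the second (0-based index) at which the trigger would fire,
    or None. Models only the documented rule: total QPS stays above the
    Activation Threshold for Activation Period consecutive seconds."""
    run = 0
    for second, qps in enumerate(qps_per_second):
        run = run + 1 if qps > trigger.activation_threshold else 0
        if run >= trigger.activation_period:
            return second
    return None

def longest_run_above(threshold, qps_per_second):
    """Longest streak of seconds above threshold in a baseline capture.
    A period longer than this streak would not fire on that baseline."""
    best = run = 0
    for qps in qps_per_second:
        run = run + 1 if qps > threshold else 0
        best = max(best, run)
    return best

# Constructed per-second totals for one protected network (not real traffic):
# a 2-second benign burst (seconds 2-3), then a sustained flood from second 6.
SAMPLE_QPS = [900, 1100, 5200, 5400, 1000, 950, 6100, 7300, 8800, 9100, 9500]

if __name__ == "__main__":
    trig = ManualTrigger(activation_threshold=5000, activation_period=3)
    print("fires at second:", first_activation(trig, SAMPLE_QPS))
    print("longest benign run above 5000:", longest_run_above(5000, SAMPLE_QPS[:6]))
```

Replaying a baseline capture through `longest_run_above` before enabling manual triggers shows whether a chosen period would also fire on normal bursts.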
© 2016 Cisco | Radware. All rights reserved. This document is Cisco Public.