Cisco Cisco Firepower Management Center 4000

28-17

FireSIGHT System User Guide

Chapter 28 Detecting Specific Threats

Preventing Rate-Based Attacks

Configuring Rate-Based Attack Prevention

License:

Protection

You can configure rate-based attack prevention at the policy level to stop SYN flood attacks. You can
also stop excessive connections from a specific source or to a specific destination.

To configure rate-based attack prevention:

Access:

Admin/Intrusion Admin

Step 1

Select

Policies > Intrusion > Intrusion Policy.

The Intrusion Policy page appears.

Step 2

Click the edit icon (

) next to the policy you want to edit.

If you have unsaved changes in another policy, click

to discard those changes and continue. See

Committing Intrusion Policy Changes, page 20-8

for information on saving unsaved changes in another

policy.