Cisco Cisco ASR 5000
Global Configuration Mode Commands (T-threshold phspc)
▀ threshold fw-deny-rule
▄ Command Line Interface Reference, StarOS Release 18
5684
threshold fw-deny-rule
Configures alarm or alert thresholds for the Stateful Firewall Deny Rule.
Product
PSF
Privilege
Security Administrator, Administrator
Mode
Exec > Global Configuration
configure
Entering the above command sequence results in the following prompt:
[local]host_name(config)#
Syntax
threshold fw-deny-rule high_thresh [ clear low_thresh ]
default threshold fw-deny-rule
default
Configures this command with the default threshold settings.
Default: 0—disabled
Default: 0—disabled
high_thresh
Specifies the Stateful Firewall Deny-Rule threshold value, which if met or exceeded generates an alert or
alarm.
alarm.
high_thresh
must be an integer from 0 through 1000000.
Default: 0
clear low_thresh
Specifies the Stateful Firewall Deny-Rule alarm clear threshold value. If, in the same polling interval, the
threshold falls below
threshold falls below
low_thresh
a clear alarm is generated.
low_thresh
must be an integer from 0 through 1000000.
Default: 0
Important:
This value is ignored for the Alert model. In addition, if this value is not configured for the Alarm
model, the system assumes it is identical to the low threshold.
Usage
When the number of Deny-Rule instances exceeds a given value, a n alarm or alert is raised; it is cleared
when the number of Deny-Rule instances falls below a value within the polling interval.
Refer to the
when the number of Deny-Rule instances falls below a value within the polling interval.
Refer to the
threshold poll
command to configure the polling interval, and the
threshold
monitoring
command to enable thresholding for this value.
Example