Guidelines and limitations, Default settings – Cisco ASA 5505 User Manual
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 56 Configuring Threat Detection
Configuring Scanning Threat Detection
Guidelines and Limitations
This section includes the guidelines and limitations for this feature:
Security Context Guidelines
Supported in single mode only. Multiple mode is not supported.
Firewall Mode Guidelines
Supported in routed and transparent firewall mode.
Types of Traffic Monitored
• Only through-the-box traffic is monitored; to-the-box traffic is not included in threat detection.
• Traffic that is denied by an access list does not trigger scanning threat detection; only traffic that is allowed through the ASA and that creates a flow is affected by scanning threat detection.
Default Settings
Table 56-5 lists the default rate limits for scanning threat detection.
The burst rate is calculated as the average rate every N seconds, where N is the burst rate interval. The
burst rate interval is 1/30th of the rate interval or 10 seconds, whichever is larger.
Table 56-5 Default Rate Limits for Scanning Threat Detection

Average Rate                               Burst Rate
5 drops/sec over the last 600 seconds.     10 drops/sec over the last 20 second period.
5 drops/sec over the last 3600 seconds.    10 drops/sec over the last 120 second period.
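
The burst interval rule and the Table 56-5 defaults, worked through in Python as an added example (not taken from the Cisco guide or from ASA code). It assumes rates are counted over a trailing window and that a limit is exceeded when the observed rate is strictly greater; the event timestamps are constructed.

```python
from bisect import bisect_right

# (rate interval in s, average limit per s, burst limit per s), from Table 56-5
DEFAULTS = [(600, 5, 10), (3600, 5, 10)]


def burst_interval(rate_interval):
    """1/30th of the rate interval or 10 seconds, whichever is larger."""
    return max(rate_interval / 30, 10)


def window_rate(times, now, window):
    """Events per second in the trailing window (now - window, now]."""
    lo = bisect_right(times, now - window)
    hi = bisect_right(times, now)
    return (hi - lo) / window


def exceeded(times, now, defaults=DEFAULTS):
    """List (rate_interval, kind, observed_rate) for every limit exceeded.

    Assumption: a limit counts as exceeded when the rate is strictly greater.
    """
    hits = []
    for interval, avg_limit, burst_limit in defaults:
        avg = window_rate(times, now, interval)
        burst = window_rate(times, now, burst_interval(interval))
        if avg > avg_limit:
            hits.append((interval, "average", avg))
        if burst > burst_limit:
            hits.append((interval, "burst", burst))
    return hits


# Constructed input: 1 event/s for 600 s, plus 300 events in the last 20 s.
BACKGROUND = [float(t) for t in range(600)]
SPIKE = [580 + i / 15 for i in range(1, 301)]
TIMES = sorted(BACKGROUND + SPIKE)

if __name__ == "__main__":
    for interval, _, _ in DEFAULTS:
        print(f"rate interval {interval:>4} s -> burst interval {burst_interval(interval):g} s")
    for interval, kind, rate in exceeded(TIMES, now=600.0):
        print(f"{kind} limit exceeded for the {interval} s setting: {rate:.2f}/s")
```

With this input the 600-second average stays near 1.5 events/sec, well under its limit, while the 20-second burst window reaches 15.95 events/sec and is the only limit exceeded.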