11-6
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 11 Connection Settings
Configure Connection Settings
•
set connection per-client-embryonic-max
n—The maximum number of simultaneous embryonic
connections allowed per client, between 0 and 2000000. The default is 0, which allows unlimited
connections.
Example:
hostname(config-pmap-c)#
set connection embryonic-conn-max 1000
hostname(config-pmap-c)#
set connection per-client-embryonic-max 50
Step 4
If you are editing an existing service policy (such as the default global policy called global_policy), you
can skip this step. Otherwise, activate the policy map on one or more interfaces.
service-policy
policymap_name
{
global
|
interface
interface_name
}
Example:
hostname(config)# service-policy global_policy global
The
global
keyword applies the policy map to all interfaces, and
interface
applies the policy to one
interface. Only one global policy is allowed. You can override the global policy on an interface by
applying a service policy to that interface. You can only apply one policy map to each interface.
Step 5
Configure threat detection statistics for attacks intercepted by TCP Intercept.
threat-detection statistics tcp-intercept
[
rate-interval
minutes
]
[
burst-rate
attacks_per_sec
] [
average-rate
attacks_per_sec
]
Example:
hostname(config)#
threat-detection statistics tcp-intercept
The
rate-interval
keyword sets the size of the history monitoring window, between 1 and 1440 minutes.
The default is 30 minutes. During this interval, the ASA samples the number of attacks 30 times.
The
burst-rate
keyword sets the threshold for syslog message generation, between 25 and 2147483647.
The default is 400 per second. When the burst rate is exceeded, syslog message 733104 is generated.
The
average-rate
keyword sets the average rate threshold for syslog message generation, between 25
and 2147483647. The default is 200 per second. When the average rate is exceeded, syslog message
733105 is generated.
Step 6
Monitor the results with the following commands:
•
show threat-detection statistics top tcp-intercept
[
all
|
detail
]—View the top 10 protected servers
under attack. The
all
keyword shows the history data of all the traced servers. The
detail
keyword
shows history sampling data. The ASA samples the number of attacks 30 times during the rate
interval, so for the default 30 minute period, statistics are collected every 60 seconds.
•
clear threat-detection statistics tcp-intercept
—Erases TCP Intercept statistics.
Example:
hostname(config)#
show threat-detection statistics top tcp-intercept
Top 10 protected servers under attack (sorted by average rate)
Monitoring window size: 30 mins Sampling interval: 30 secs
<Rank> <Server IP:Port> <Interface> <Ave Rate> <Cur Rate> <Total> <Source IP (Last Attack
Time)>
----------------------------------------------------------------------------------
1 10.1.1.5:80 inside 1249 9503 2249245 <various> Last: 10.0.0.3 (0 secs ago)
2 10.1.1.6:80 inside 10 10 6080 10.0.0.200 (0 secs ago)
Содержание ASA 5512-X
Страница 5: ...P A R T 1 Service Policies and Access Control ...
Страница 6: ......
Страница 50: ...3 14 Cisco ASA Series Firewall CLI Configuration Guide Chapter 3 Access Rules History for Access Rules ...
Страница 51: ...P A R T 2 Network Address Translation ...
Страница 52: ......
Страница 126: ...5 28 Cisco ASA Series Firewall CLI Configuration Guide Chapter 5 NAT Examples and Reference DNS and NAT ...
Страница 127: ...P A R T 3 Application Inspection ...
Страница 128: ......
Страница 255: ...P A R T 4 Connection Settings and Quality of Service ...
Страница 256: ......
Страница 288: ...12 14 Cisco ASA Series Firewall CLI Configuration Guide Chapter 12 Quality of Service History for QoS ...
Страница 303: ...P A R T 5 Advanced Network Protection ...
Страница 304: ......
Страница 339: ...P A R T 6 ASA Modules ...
Страница 340: ......
Страница 398: ...17 28 Cisco ASA Series Firewall CLI Configuration Guide Chapter 17 ASA CX Module History for the ASA CX Module ...