Solved

Pix threat detection

Posted on 2009-07-08
2
730 Views
Last Modified: 2012-06-27
I was looking at the config of my pix and noticed the following code.
threat-detection rate dos-drop rate-interval 600 average-rate 300 burst-rate 400
threat-detection rate dos-drop rate-interval 3600 average-rate 160 burst-rate 320
threat-detection rate scanning-threat rate-interval 600 average-rate 50 burst-rate 50
threat-detection rate scanning-threat rate-interval 3600 average-rate 60 burst-rate 80
threat-detection basic-threat
How can I have 2 dos and 2 scans configured at the same time? How do I know which one is working?
0
Comment
Question by:Jelonet
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 15

Accepted Solution

by:
Voltz-dk earned 250 total points
ID: 24811675
You can have 2 because the time is different, that is you accept different values for an hourly rate than for a 10-min rate.
So they both work.

If you do "show threat-detection rate" you will also notice is shows 10-min & 1-hour values.
---
You can see the default values here, and read more about threat-detection:

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/conns_threat.html#wp1087593
0
 

Author Closing Comment

by:Jelonet
ID: 31601105
Got it. Thank you.
0

Featured Post

[Webinar] Code, Load, and Grow

Managing multiple websites, servers, applications, and security on a daily basis? Join us for a webinar on May 25th to learn how to simplify administration and management of virtual hosts for IT admins, create a secure environment, and deploy code more effectively and frequently.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
replacing 2811 to ISR 4331 2 77
Cisco ASA VPN Client Routing 8 78
adjusting startup config 6 73
BGP recommended setup with failover 2 102
I recently updated from an old PIX platform to the new ASA platform.  While upgrading, I was tremendously confused about how the VPN and AnyConnect licensing works.  It turns out that the ASA has 3 different VPN licensing schemes. "site-to-site" …
From Cisco ASA version 8.3, the Network Address Translation (NAT) configuration has been completely redesigned and it may be helpful to have the syntax configuration for both at a glance. You may as well want to read official Cisco published AS…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question