Есть аса 5510, софт 8.4.7
Включен сабж:
Код:
# sh run | i threat
threat-detection basic-threat
threat-detection scanning-threat shun except object-group obj_net_internal
threat-detection scanning-threat shun duration 7200
threat-detection statistics host number-of-rate 3
threat-detection statistics port number-of-rate 3
threat-detection statistics protocol number-of-rate 3
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
Периодически в логи вылазят сообщения:
Код:
Apr 17 2014 13:18:14: %ASA-4-733100: [ 10.1.0.3] drop rate-1 exceeded. Current burst rate is 1 per second, max configured rate is 10; Current average rate is 7 per second, max configured rate is 5; Cumulative total count is 8707
Код:
# sh threat-detection statistics host 10.1.0.3
Current monitored hosts:24934 Total not monitored hosts:1097316
Average(eps) Current(eps) Trigger Total events
Host:10.1.0.3: tot-ses:179499554 act-ses:1022 fw-drop:64906074 insp-drop:0 null-ses:58960479 bad-acc:0
20-min Sent attack: 7 8 48589 8733
20-min Recv attack: 0 0 7918 1186
1-hour Sent byte: 16029 34762 0 57707205
1-hour Sent pkts: 30 59 0 109850
1-hour Recv byte: 17302 32886 0 62289850
1-hour Recv pkts: 30 49 0 110519
Это внутренний хост ессесно, как мне добавить локалку в белый список, чтобы аса на них не реагировала?
Доки все перерыл - нет такого.
Scanning threat - пожалуйста, а вот basic threat не нашел.