08-08-2008 06:16 AM - edited 03-10-2019 04:14 AM
Does anyone know where I can find out the maximum number of denied attackers the ASA-SSM-10 running 6.1(1)E2 can handle? I see where you can set a timeout and total number for the denied hosts and denied network blocks but I haven't been able to find anything for the max number of denied attackers.
I am using this for a signature that is sometimes popular on our network and I'm concerned about impacting the performance of my IPS.
Thanks.
08-08-2008 07:22 AM
The default number of blocked hosts is 250. You can see this with a "sh stat net" command. This can be configured from
conf t
service net
general
block-max-entries
08-08-2008 09:54 AM
Blocks are different than Denies.
Blocks are for the modification of configuration on Switches, Routers, or Firewalls to get the other device to drop the traffic.
Denies are when the sensor itself drops the packets. The sensor must be operated in InLine mode for Denies to work.
To configure the max number of Denied Attackers you follow a similar procedure as rhermes posted, but it is controlled in the service event-action-rules rules0 configuration.
conf t
service event-action-rules rules0
general
max-denied-attackers 10000
The default I believe is 10,000, but it can be configured to be much higher or lower. Increasing this number could have a performance effect on your sensor, so be careful when increasing this above 10,000.
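To make the sizing concern above concrete, here is a toy model added to this thread (not Cisco's code and not taken from the sensor) of a denied-attackers table capped at max-denied-attackers with a per-entry deny timeout. Occupancy at steady state is roughly new attackers per second times the timeout, so a popular signature can saturate the table long before 10,000 looks large. The cap of 10000 comes from the post above; the 3600 s timeout, the attacker names and the behaviour at the cap (newest entry is refused rather than an old one evicted) are constructed assumptions for the model, not documented sensor behaviour.

```python
"""Toy model of a capped denied-attackers table with expiry.

Constructed example for illustration only; not Cisco IPS code.
Assumptions (not from the thread): entries expire after a fixed timeout,
and when the table is full a new attacker is refused (counted as dropped).
"""
from collections import OrderedDict


class DeniedAttackerTable:
    def __init__(self, max_entries=10000, timeout_s=3600):
        self.max_entries = max_entries
        self.timeout_s = timeout_s
        # attacker -> expiry time; insertion order equals expiry order
        # because every entry gets the same timeout from a non-decreasing clock.
        self._expiry = OrderedDict()
        self.dropped_for_capacity = 0

    def _purge(self, now):
        # Oldest expiries sit at the front; stop at the first still-live entry.
        while self._expiry:
            attacker, exp = next(iter(self._expiry.items()))
            if exp > now:
                break
            del self._expiry[attacker]

    def deny(self, attacker, now):
        """Record a deny for attacker at time now; False if refused for capacity."""
        self._purge(now)
        if attacker in self._expiry:
            del self._expiry[attacker]          # refresh: re-insert at the end
        elif len(self._expiry) >= self.max_entries:
            self.dropped_for_capacity += 1      # assumption: refuse, don't evict
            return False
        self._expiry[attacker] = now + self.timeout_s
        return True

    def is_denied(self, attacker, now):
        self._purge(now)
        return attacker in self._expiry

    def __len__(self):
        return len(self._expiry)


def steady_state_occupancy(new_attackers_per_s, timeout_s):
    """Back-of-envelope table size if every attacker is distinct."""
    return new_attackers_per_s * timeout_s


def simulate(rate_per_s, duration_s, max_entries, timeout_s):
    """Feed rate_per_s distinct (constructed) attackers per second and report
    the peak table size and how many denies were refused for capacity."""
    table = DeniedAttackerTable(max_entries, timeout_s)
    peak = 0
    for t in range(duration_s):
        for k in range(rate_per_s):
            table.deny(f"host-{t * rate_per_s + k}", t)   # constructed names
        peak = max(peak, len(table))
    return {"peak": peak, "dropped": table.dropped_for_capacity}


if __name__ == "__main__":
    print(steady_state_occupancy(5, 3600))              # 18000 > 10000 cap
    print(simulate(5, 7200, 10000, 3600))               # table fills, then refuses
```

Running the simulation with five new attackers per second and the default cap shows the table filling in about 2000 seconds and then refusing new denies in bursts, which is the condition the original question is worried about: at that point raising the cap trades sensor memory for coverage, while shortening the deny timeout lowers the steady-state occupancy instead.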