FWSM anti-dos option?

Unanswered Question
Dec 6th, 2009

Hi..

I have read that the fwsm has a serveral anti-dos option.

I has seached the fwsm anti-dos related document in CCO, But I can't yet.

first of all, I would like know that,

a. anti-dos feature in FWSM

b. if anti-dos in FWSM, How can I configuration?, Configuration guide

If you help me find it, I would appreciate it.

Thank you.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Tue, 12/08/2009 - 05:18

syjeon wrote:

Hi..

I have read that the fwsm has a serveral anti-dos option.

I has seached the fwsm anti-dos related document in CCO, But I can't yet.

first of all, I would like know that,

a. anti-dos feature in FWSM

b. if anti-dos in FWSM, How can I configuration?, Configuration guide

If you help me find it, I would appreciate it.

Thank you.

Have a look at this chapter in the configuration guide -

http://www.cisco.com/en/US/docs/security/fwsm/fwsm31/configuration/guide/protct_f.html

Jon

Panos Kampanakis Tue, 12/08/2009 - 11:07

One example if you have a static for a server x would be that you want to have 100 conns maximum and 50 embryonics

static (mgmt,test) y x 100 50

The FWSM will proxy to verify that there is no SYN flood and that no more than 100 conns will go using that static.

Another to see a maximum number of connection for a specific traffic class is

policy-map test
class test
  set connection conn-max 100

I hope it helps.

PK

Actions

This Discussion