Configuring botnet filtering on ASA 5520

Mar 24th, 2010

I am about to configure the Botnet Filtering feature on our ASA5520. I do have a couple of questions. We have 2 ASA5520's for failover.


How much impact will this have on my network during configuration - should I configure this during a maintenance window or can I do this anytime?

When configuring DNS, I ran into an error stating that my DNS was not configured correctly and cannot resolve the ironport address to download the dynamic database. I used the outside authoritative servers of our internet provider and selected the outside interface (primary and secondary servers). I use the default DNS group. What am I missing here? I did configure our domain name as well.

This is what I have configured:

dns domain-lookup OUTSIDE
dns server-group DefaultDNS
 name-server x.x.x.x (outside comcast dns servers)



Panos Kampanakis (Cisco Employee) Wed, 03/24/2010 - 14:38

Botnet should not impact traffic or overload the box. As long as the feature is not set to block you should not notice anything.

For the DNS issue, check if you change your DNS to, if ironport resolves. It could be the Comcast DNS server that is not resolving it.

I hope it helps.
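A monitor-only Botnet Traffic Filter configuration of the kind discussed in this thread, with the checks that show whether DNS and the database download work. This is an added example, not configuration from either poster. The interface name OUTSIDE is taken from the question; the name-server addresses, domain name, update-server hostname and the class-map and policy-map names are placeholders or hypothetical.

```cisco
! --- DNS client: the ASA itself must resolve the update server ---
dns domain-lookup OUTSIDE
dns server-group DefaultDNS
 ! placeholder resolvers (documentation range); use servers reachable via OUTSIDE
 name-server 192.0.2.53
 name-server 192.0.2.54
 ! placeholder domain
 domain-name example.com

! --- Dynamic database download and use ---
dynamic-filter updater-client enable
dynamic-filter use-database

! --- DNS snooping so resolved names can be matched against the database ---
! hypothetical class-map / policy-map names
class-map BTF-DNS-SNOOP
 match port udp eq domain
policy-map BTF-OUTSIDE-POLICY
 class BTF-DNS-SNOOP
  inspect dns preset_dns_map dynamic-filter-snoop
! an interface accepts one service-policy; if OUTSIDE already has one,
! add the class to that existing policy-map instead
service-policy BTF-OUTSIDE-POLICY interface OUTSIDE

! --- Classify and log only ---
dynamic-filter enable interface OUTSIDE
! "dynamic-filter drop blacklist interface OUTSIDE" is deliberately left out:
! that is the command that makes the feature block traffic, on releases
! that support it

! --- Verification (exec mode) ---
! name resolution from the ASA; <update-server-hostname> is the name shown
! in the DNS error message
ping <update-server-hostname>
! updater status, server and last fetch result
show dynamic-filter updater-client
! force a test download without waiting for the poll interval
dynamic-filter database fetch
! confirm entries were loaded, then watch classification counters
show dynamic-filter data
show dynamic-filter statistics
```

If the ping fails to resolve with one resolver and succeeds after changing `name-server`, the problem is the resolver rather than the filter configuration.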


