03-24-2010 11:34 AM - edited 03-11-2019 10:25 AM
I am about to configure the Botnet Filtering feature on our ASA5520. I do have a couple of questions. We have 2 ASA5520's for failover.
Questions:
How much impact will this have on my network during configuration - should I configure this during a maintenance window or can I do this anytime?
When configuring DNS - i ran into an error, stating that my dns was not configured correctly and cannot resolve the ironport address to download the dynamic database. I used the outside authoritative servers of our internet provider and selected the outside interface(primary and secondary servers). I use the default DNS group. What am I missing here. I did configure our domain name as well.
This is what i have configured
dns domain-lookup OUTSIDE
dns server-group DefaultDNS
name-server x.x.x.x (outside comcast dns servers)
domain-name xxxxxxxx.va.us
Thanks
03-24-2010 02:38 PM
Botnet should no impact traffic or overload the box. As long as the feature is not set to block you should not notice anything.
For the dns issue check if you change your dns to 4.2.2.2, if ironport resolves. It could be the comcast dns server that is not resolving it.
I hope it helps.
PK
03-24-2010 04:05 PM
03-25-2010 05:00 AM
What is the 4.2.2.2 address?
03-25-2010 05:24 AM
Verizon dns server
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide