Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA Botnet Filter

I have recently added the Botnet filter license to an ASA5510.  Im needing assistance with viewing the config and being able to know that it is working.  How can i test?  Thanks

  • Firewalling
Everyone's tags (1)
VIP Purple

ASA Botnet Filter

Here is a document that should get you started:

If there are more questions after going through that doc, fell free to ask.

Don't stop after you've improved your network! Improve the world by lending money to the working poor:

-- Don't stop after you've improved your network! Improve the world by lending money to the working poor:

ASA Botnet Filter

hi kevin,

here's some show commands as per my FIREWALL notes and a useful link that i've bookmarked.

usually the ASA will generate a syslog if a bad or infected machine is detected.

Commands to Verify Botnet Traffic Filtering Operation

Function                                Command Syntax

Dynamic database status        ciscoasa# show dynamic-filter updater-client

Connections filtered                ciscoasa# show dynamic-filter statistics

List infected hosts                  ciscoasa# show dynamic-filterreport infected-hosts

Top-n botnet activity                ciscoasa# show dynamic-filter top [infected-hosts | malware-ports | malware-sites]

New Member

ASA Botnet Filter


I have to enable botnet filter as well for one of our customer. So is it possible to enable botnet filter in monitoring mode only, means without dropping any traffic or impacting the production environment ?


ASA Botnet Filter


the answer is no. the ASA will intercept DNS queries and match it against the configured blacklist sites on its database and drops the traffic.

New Member

ASA Botnet Filter

My filter was origanly set to monitor mode which wasnt dropping the malicous requests - Scenerio;  I have a DNS server where the filter is detecting as a malicouis host naking DNS requests.  My question is,  does this necessarily imply that the DNS server is infected or is it another host on my network using this DNS server for name resolution.

This widget could not be displayed.