Re: configuring botnet filtering on ASA 5520

JMCNEL · ‎03-24-2010

I am about to configure the Botnet Filtering feature on our ASA5520. I do have a couple of questions. We have 2 ASA5520's for failover.

Questions:

How much impact will this have on my network during configuration - should I configure this during a maintenance window or can I do this anytime?

When configuring DNS - i ran into an error, stating that my dns was not configured correctly and cannot resolve the ironport address to download the dynamic database. I used the outside authoritative servers of our internet provider and selected the outside interface(primary and secondary servers). I use the default DNS group. What am I missing here. I did configure our domain name as well.

This is what i have configured

dns domain-lookup OUTSIDE

dns server-group DefaultDNS

name-server x.x.x.x (outside comcast dns servers)

domain-name xxxxxxxx.va.us

Thanks

Panos Kampanakis · ‎03-24-2010

Botnet should no impact traffic or overload the box. As long as the feature is not set to block you should not notice anything.

For the dns issue check if you change your dns to 4.2.2.2, if ironport resolves. It could be the comcast dns server that is not resolving it.

I hope it helps.

PK

Kureli Sankar · ‎03-24-2010

Follow this link:

https://supportforums.cisco.com/docs/DOC-8782;jsessionid=76FDB1E2E3C34DC9FEDD2992687581BC.node0

-KS

JMCNEL · ‎03-25-2010

What is the 4.2.2.2 address?

Jennifer Halim · ‎03-25-2010

Verizon dns server