
external IPs getting into our FWSM local-host table

We are running an FWSM - version 4.0(4) - for our campus firewall.  Somehow, there are external IPs getting into the local-host table on the inside of our firewall.  This, of course, is preventing us from getting to those IPs.  Some of these IPs are sites that we really need to get to for business purposes (related off-campus research).  Whenever we get a complaint about not being able to get to one of these particular sites, the first thing I do is look in the local-host table and, sure enough, it's in there.  I clear it out and that solves the problem until it shows up in the table next time.

This sounds like a serious and subversive DoS attack possibility to me.  Why does the firewall allow external IPs in the local-host table in the first place?  How can we prevent external IPs from getting in the local-host table?

We are not running any NAT through the firewall.


Alton R. Pouncey, II


Re: external IPs getting into our FWSM local-host table


An easy way will be filtering by ACLs.

For example:

On the inside interface have an ACL that allow only traffic from the real inside network.

If the inside network is, then the inside ACL should permit traffic from only that network.

This will not allow the Firewall to create local-host entries for other IPs not belonging to the real inside network, as they are not going to be allowed to establish connections through the Firewall.

This is a way to prevent having problems accessing the sites. Obviously it is a good idea as well to trace the source of the problem to fix it.
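One way to lay out the inside ACL the reply describes, as an added configuration example that is not part of the original thread. The interface name "inside", the ACL name INSIDE_IN and the campus prefix 10.0.0.0/16 are assumptions (the reply omits the actual network); substitute your own. On the FWSM an inbound ACL is needed on inside for outbound traffic at all, so the usual culprit is an existing "permit ip any any" there: it lets a packet that arrives on inside carrying an external source address through, and the local-host entry is built for that address on the inside side.

```cisco
! Added example, not configuration from the original thread.
! Assumptions: interface "inside", campus network 10.0.0.0/16,
! ACL name INSIDE_IN, sample external address 192.0.2.10.

! --- Weak: inside ACL that permits any source ---
! A packet arriving on inside with an external source IP is permitted,
! and the FWSM creates a local-host entry for that IP behind inside.
access-list INSIDE_IN_WEAK extended permit ip any any
access-group INSIDE_IN_WEAK in interface inside

! --- Corrected: permit only sources that belong on the inside segment ---
no access-group INSIDE_IN_WEAK in interface inside
access-list INSIDE_IN extended permit ip 10.0.0.0 255.255.0.0 any
! Log what would have created the bogus entries, so the real origin
! (a misrouted VLAN, a spoofing host, a rogue default route) can be traced.
access-list INSIDE_IN extended deny ip any any log
access-group INSIDE_IN in interface inside

! Optional second check: Unicast RPF drops packets whose source address is
! not routed via the interface they arrived on. Confirm the command is in
! the command reference for your FWSM release before relying on it.
ip verify reverse-path interface inside

! Verification
! stray external addresses should stop appearing in the table
show local-host
! hitcnt on the deny line shows how often spoofed/misrouted packets arrive
show access-list INSIDE_IN
! the logged denies carry the offending source address
show logging | include INSIDE_IN
! clearing a single entry by hand, as described in the question, is unchanged
clear local-host 192.0.2.10
```

The deny-with-log line is what turns the workaround into a diagnosis: the syslog entries name the inside-side source that is sending packets with off-campus addresses, which is the thing to fix rather than keep clearing.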

