Hi,
I'm currently trying to implement a trial Botnet Traffic Filter on an ASA5520 multicontext.
It's running in a data center, with ~10 customer contexts. When I tried to enable it, we had a bunch of dropped pings on different contexts. I'm not really sure if there is anything wrong in the configuration, or if this is some kind of bug, or even normal behavior.
Licence is activated.
My config:
admin-context:
  dns domain-lookup outside
  dns server-group DefaultDNS
   name-server 8.8.8.8
system-context:
  dynamic-filter updater-client enable
customer-context:
  dynamic-filter use-database
  access-list dynamic-filter_acl extended permit ip 10.140.1.0 255.255.255.0 any
  dynamic-filter enable interface outside classify-list dynamic-filter_acl
  policy-map global_policy
   class inspection_default
    inspect dns dynamic-filter-snoop
After implementing the commands on the system/admin context, the pings to google.com started to drop (4 drops, 6 ok, 3 drops, 10 ok, 1 drop, 1 ok,...).
Has anyone an idea how we can get this running without impact on our customers?
Regards,
Amir