Hi all, pls kindly take a look at my ASA 5505 config and see if there are any holes which could allow a hacker through and/or cause the internet speed to be slow. The reason I'm asking is because my user reported that they were hacked and that their internet speed is only 3Mbps. When they were using their old PIX 506, they were able to get speeds of up to 6Mbps both upstream and downstream.
The config is attached. All public IPs of the first 2 octets are replaced with xxx for security reasons.
1) I suggest you enable unicast RPF and if you have money for it, consider enabling botnet filtering.
2) Your have enabled a lot of inspection engines, I would keep the enabled to minimum.
3) You have both intra-interface and inter-interface same-security I don't see a reason to do so based on your config (I didn't go too much into detail)
4) Consider enabling shunning in your threat detection if your customer thinks he's under attack.
Keep in mind that by itself ASA is just a smart policy enforcer, endpoint security is a complete different matter. If your users go on fishy sites and download and run application from unknown users there's very little ASA can do against it :-)
Marcin, thanks for the reply. Juz wanna clear up a few things. Firstly, what is unicast RPF and how do I enable it? Secondly, could the inspection engines be the cause of the slow internet speed, upstream and downstream? Thirdly, I configured the ASA based on another ASA which somebody else configured. As such, I have no idea what intra-interface and inter-interface commands do.
I don't understand what you mean in your fourth point. Thanks for the help.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...