19-4
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 19 Managing Firewall Botnet Traffic Filter Rules
Task Flow for Configuring the Botnet Traffic Filter
Configuring the Dynamic Database
This procedure enables database updates, and also enables use of the downloaded dynamic database by
the security appliance.
In multiple context mode, you enable downloading of the dynamic database on the System context so
that it is available to all security contexts. You can then decide, on a per-context basis, whether to enable
use of the dynamic database or not.
By default, downloading and using the dynamic database are disabled.
Related Topics
• Dynamic Blacklist Configuration Tab, page 19-10
• Understanding Botnet Traffic Filtering, page 19-1
• Task Flow for Configuring the Botnet Traffic Filter, page 19-2
• Adding Entries to the Static Database, page 19-5
• Enabling DNS Snooping, page 19-6
• Enabling Traffic Classification and Actions for the Botnet Traffic Filter, page 19-6
• Botnet Traffic Filter Rules Page, page 19-9
Before You Begin
Enable security appliance use of a DNS server (see DNS Page, page 51-13). In multiple context mode,
enable DNS per context.
Step 1 Do one of the following:
• (Device view) Select Firewall > Botnet Traffic Filter Rules from the Policy selector.
• (Policy view) Select Firewall > Botnet Traffic Filter Rules from the Policy Type selector. Select
an existing policy or create a new one.
Note For devices in multiple context mode, you enable downloading of the dynamic database on the
System context and enable use of the dynamic database on each security context, as needed.
This opens the Botnet Traffic Filter Rules Page, page 19-9.
Step 2 On the Dynamic Blacklist Configuration tab, select Enable Dynamic Blacklist From Server to enable
downloading of the dynamic database.
Note In multiple context mode, you enable downloading of the dynamic database on the System
context.
This setting enables downloading of the dynamic database from the Cisco update server. If you do not
have a database already installed on the security appliance, it downloads the database after
approximately 2 minutes. The update server determines how often the security appliance polls the server
for future updates, typically every hour.
Step 3 (Multiple context mode only) Click Save to save the changes to the System context. Then change to the
context where you want to configure the Botnet Traffic Filter, select Firewall > Botnet Traffic Filter
Rules for that context, and then proceed to Step 4.
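One way to check the outcome of this procedure from exported device configurations, as an added example that is not part of the Cisco guide. It assumes the ASA CLI equivalents of these settings are `dynamic-filter updater-client enable` (download, System context), `dynamic-filter use-database` (use, per context) and `dns domain-lookup` plus a `name-server` entry (the DNS prerequisite); the context names and configuration text are constructed samples.

```python
import re

# ASA running-config lines assumed to correspond to the settings in this procedure.
UPDATER = re.compile(r"^dynamic-filter updater-client enable\s*$", re.M)
USE_DB = re.compile(r"^dynamic-filter use-database\s*$", re.M)
DNS_LOOKUP = re.compile(r"^dns domain-lookup \S+\s*$", re.M)
NAME_SERVER = re.compile(r"^\s+name-server \S+", re.M)


def audit(configs, system="system"):
    """Return (context, status) pairs for a dict of context name -> running-config text."""
    # Downloading is enabled once, on the System context, for all security contexts.
    download_on = bool(UPDATER.search(configs.get(system, "")))
    results = [(system, "download enabled" if download_on else "download disabled (default)")]
    for name, text in sorted(configs.items()):
        if name == system:
            continue
        # DNS server use must be enabled per context before the filter is configured.
        dns_ok = bool(DNS_LOOKUP.search(text) and NAME_SERVER.search(text))
        if not USE_DB.search(text):
            status = "dynamic database not used (default)"
        elif not download_on:
            status = "uses database, but System context never downloads it"
        elif not dns_ok:
            status = "uses database, but DNS server use is not enabled"
        else:
            status = "ok"
        results.append((name, status))
    return results


# Constructed sample configurations (hypothetical context names, documentation IP range).
DNS_BLOCK = "dns domain-lookup outside\ndns server-group DefaultDNS\n name-server 192.0.2.53\n"
SAMPLE = {
    "system": "hostname fw1\ndynamic-filter updater-client enable\n",
    "ctx-a": DNS_BLOCK + "dynamic-filter use-database\n",
    "ctx-b": "dynamic-filter use-database\n",
    "ctx-c": DNS_BLOCK,
}

if __name__ == "__main__":
    for ctx, status in audit(SAMPLE):
        print(f"{ctx}: {status}")
```
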