Cisco Systems CL-28826-01 Security Camera User Manual


19-8
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 19 Managing Firewall Botnet Traffic Filter Rules
Task Flow for Configuring the Botnet Traffic Filter
Note: For devices in multiple context mode, you configure traffic classification on the security context.
This opens the Botnet Traffic Filter Rules Page, page 19-9.
Step 2 To enable the Botnet Traffic Filter on specified traffic, follow these steps:
a. On the Traffic Classification tab, click Add Row under the Enable Rules table.
This opens the BTF Enable Rules Editor, page 19-12.
b. In the Interfaces field, specify the interface or interfaces on which you want to enable the Botnet
Traffic Filter. Normally, you want to enable the Internet-facing interface only. To select the
interfaces or interface role objects using the Interfaces Selector, click Select (see Understanding
Interface Role Objects, page 6-67).
You can configure a global classification that applies to all interfaces by selecting the All Interfaces
role object (selected by default). If you configure an interface-specific classification, the settings for
that interface override the global setting.
c. Do one of the following to identify the traffic that you want to monitor:
• To monitor all traffic, leave the ACL field blank.
• To specify the traffic that you want to monitor, click Select to the right of the ACL field to select
an Access Control List object that identifies the traffic that you want to monitor. For example,
you might want to monitor all port 80 traffic on the outside interface. For more information
about Access Control List objects, see Creating Access Control List Objects, page 6-49.
Note: You can specify only one enable rule per interface.
d. Click OK.
The BTF Enable Rules Editor closes and the rule is added to the Enable Rules table.
Step 3 To automatically drop malware traffic, follow these steps:
Note: You must enable the Botnet Traffic Filter for the traffic you want to automatically drop before
creating a drop rule for that traffic.
a. On the Traffic Classification tab, click Add Row under the Drop Rules table.
This opens the BTF Drop Rules Editor, page 19-13.
b. In the Interfaces field, specify the interface or interfaces on which you want to drop traffic. There
must be a corresponding enable rule for the interface. To select the interfaces or interface role
objects using the Interfaces Selector, click Select (see Understanding Interface Role Objects,
page 6-67).
You can configure a global classification that applies to all interfaces by selecting the All Interfaces
role object (selected by default). If you configure an interface-specific classification, the settings for
that interface override the global setting.
c. Do one of the following to identify the traffic that you want to drop:
• To monitor all traffic, leave the ACL field blank.
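The constraints stated in Steps 2 and 3 (one enable rule per interface, interface-specific settings override the All Interfaces setting, and a drop rule needs a corresponding enable rule) can be checked against a planned rule set before it is entered. The following is an added example, not part of the Cisco guide or of Security Manager; the rule dictionaries, interface names and ACL object name are constructed, and it assumes that a global enable rule satisfies a drop rule on a specific interface while a global drop rule needs a global enable rule.

```python
from collections import Counter

ALL = "All Interfaces"  # global interface role object named in the guide


def effective_enable(interface, enable_rules):
    """Enable rule in effect on an interface: a specific rule overrides the global one."""
    by_iface = {r["interface"]: r for r in enable_rules}
    return by_iface.get(interface) or by_iface.get(ALL)


def lint(enable_rules, drop_rules):
    """Return findings for a planned Enable Rules / Drop Rules table pair."""
    findings = []
    counts = Counter(r["interface"] for r in enable_rules)
    for iface, n in sorted(counts.items()):
        if n > 1:  # "You can specify only one enable rule per interface."
            findings.append(f"{iface}: {n} enable rules, only one is allowed per interface")
    for rule in drop_rules:
        iface = rule["interface"]
        if iface == ALL:
            covered = ALL in counts  # assumption: global drop needs global enable
        else:
            covered = effective_enable(iface, enable_rules) is not None
        if not covered:  # "There must be a corresponding enable rule for the interface."
            findings.append(f"{iface}: drop rule has no corresponding enable rule")
    return findings


# Constructed sample tables; acl=None models a blank ACL field (all traffic).
ENABLE = [
    {"interface": "outside", "acl": "web-only"},  # hypothetical ACL object name
    {"interface": "outside", "acl": None},
    {"interface": "dmz", "acl": None},
]
DROP = [
    {"interface": "outside", "acl": None},
    {"interface": "inside", "acl": None},
]

if __name__ == "__main__":
    for finding in lint(ENABLE, DROP):
        print(finding)
```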