User's Manual
Table Of Contents
- Getting Started
- Wizards
- Using the Startup Wizard
- Using the Wireless Wizard to Configure the Wireless Settings for ISA550W and ISA570W
- Using the DMZ Wizard to Configure the DMZ Settings
- Using the Dual WAN Wizard to Configure the WAN Redundancy Settings
- Using the Site-to-Site Wizard to Establish the Site-to-Site VPN Tunnels
- Using the Remote Access Wizard to Establish the IPSec VPN Tunnels or SSL VPN Tunnels for Remote Access
- Status
- Networking
- Configuring IP Routing Mode
- Port Management
- Configuring the WAN
- Configuring the WAN Redundancy
- Configuring the VLAN
- Configuring the DMZ
- Configuring the Zones
- Configuring the Routing
- Dynamic DNS
- IGMP
- VRRP
- Configuring the Quality of Service
- Address Management
- Service Management
- Wireless Configuration for ISA550W and ISA570W
- Firewall
- Configuring the Firewall Access Rules to Control Inbound and Outbound Traffic
- Configuring the Firewall Schedule
- Firewall Access Rule Configuration Examples
- Configuring the NAT Rules to Securely Access a Remote Network
- Configuring the Session Settings
- Configuring the Content Filtering to Control Access to Internet
- Configuring the MAC Filtering to Permit or Block Traffic
- Configuring the IP/MAC Binding to Prevent Spoofing
- Configuring the Attack Protection
- Configuring the Application Level Gateway
- Security Services
- VPN
- About VPN
- Configuring the Cisco IPSec VPN Server
- Configuring the Cisco IPSec VPN Client
- Configuring the Site-to-Site VPN
- Configuring the SSL VPN
- Elements of the SSL VPN
- Configuration Tasks to Establish a SSL VPN Tunnel
- Installing the Cisco AnyConnect VPN Client on User’s PC
- Importing the Certificates for User Authentication
- Configuring the SSL VPN Users
- Configuring the SSL VPN Gateway
- Configuring the SSL VPN Group Policies
- Configuring the SSL VPN Portal
- Configuring the L2TP Server
- Configuring the VPN Passthrough
- Viewing the VPN Status
- User Management
- Device Management
- Remote Management
- Administration
- SNMP
- Configuration Management
- Firmware Management
- Log Management
- Managing the Security License
- Managing the Certificates for Authentication
- Configuring the Email Alert Settings
- Configuring the RADIUS Servers
- Configuring the Time Zone
- Device Discovery
- Diagnosing the Device
- Measuring and Limiting Traffic with the Traffic Meter
- Configuring the ViewMaster
- Configuring the CCO Account
- Configuring the Device Properties
- Configuring the Debug Settings
- Troubleshooting
- Technical Specifications and Environmental Requirements
- Factory Default Settings
- Where to Go From Here
Firewall
Configuring the Attack Protection
Cisco ISA500 Series Integrated Security Appliance Administrator Guide 208
6
• Block UDP Flood: Check the box to prevent the security appliance from
accepting more than 200 simultaneous, active UDP connections per second
from a single computer on the LAN.
STEP 4 In the Firewall Settings area, enter the following information:
• Block ICMP Notification: Check the box to silently block without sending an
ICMP notification to the sender. Some protocols, such as MTU Path
Discovery, require ICMP notifications.
• Block Fragmented Packets: Check the box to block fragmented packets
from Any zone to Any zone.
• Block Multicast Packets: Check the box to block multicast packets. By
default, the firewall blocks all multicast packets. This feature has higher
priority than the firewall access rules, which means that the firewall access
rules that permit the multicast traffic will be overrided if you enable this
feature.
STEP 5 In the DoS Attacks area, enter the following information:
• SYN Flood Detect Rate (max/sec): Enter the maximum number of SYN
packets per second that will cause the security appliance to determine that
a SYN Flood Intrusion is occurring. Enter a value from 0 to 10000 SYN
packets per second. A value of zero indicates that the SYN Flook Detect
feature is disabled.
• Echo Storm (ping pkts./sec): Enter the number of pings per second that will
cause the security appliance to determine that an echo storm intrusion event
is occurring. Enter a value from 0 to 10000 ping packets per second. A value
of zero indicates that the Echo Storm feature is disabled.
• ICMP Flood (ICMP pkts./sec): Enter the number of ICMP packets per
second, including PING packets, that will cause the security appliance to
determine that an ICMP flood intrusion event is occurring. Enter a value from
0 to 10000 ICMP packets per second. A value of zero indicates that the IGMP
Flood feature is disabled.
STEP 6 Click Save to apply your settings.