EasyManuals Logo
Home>Cisco>Network Router>ASR 5000 Series

Cisco ASR 5000 Series User Manual

Cisco ASR 5000 Series
992 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #916 background imageLoading...
Page #916 background image
Personal Stateful Firewall Overview
â–€ Supported Features
â–„ Cisco ASR 5000 Series Product Overview
OL-22938-02
(stateful checks are not done) and if all is okay, an association is created and the packet is allowed to pass
through.
For any traffic coming after the recovery-timeout:
If any ongoing traffic arrives, it is allowed only if an association was created earlier. Else, it is dropped and reset
is sent.
If any new traffic (3-way handshake) arrives, the usual Stateful Firewall processing is done.
If recovery-timeout value is set to zero, Stateful Firewall flow recovery is not done.
SNMP Thresholding Support
Personal Stateful Firewall allows to configure thresholds to receive notifications for various events that are happening in
the system. Whenever a measured value crosses the specified threshold value at the given time, an alarm is generated.
And, whenever a measured value falls below the specified threshold clear value at the given time, a clear alarm is
generated. The following events are supported for generating and clearing alarms:
Dos-Attacks: When the number of DoS attacks crosses a given value, a threshold is raised, and it is cleared when
the number of DoS attacks falls below a value in a given period of time.
Drop-Packets: When the number of dropped packets crosses a given value, a threshold is raised, and it is cleared
when the number of dropped packets falls below a value in a given period of time.
Deny-Rule: When the number of Deny Rules cross a given value, a threshold is raised, and it is cleared when the
number of Deny Rules falls below a value in a given period of time.
No-Rule: When the number of No Rules cross a given value, a threshold is raised, and it is cleared when the
number of No Rules falls below a value in a given period of time.
Logging Support
Stateful Firewall supports logging of various messages on screen if logging is enabled for firewall. These logs provide
detailed messages at various levels, like critical, error, warning, and debug.
Logging is also supported at rule level, when enabled through rule a message will be logging whenever a packet hits the
rule. This can be turned on/off in a rule.
These logs are also sent to a syslog server if configured in the system.

Table of Contents

Other manuals for Cisco ASR 5000 Series

Preview: Administration Guide
Administration Guide508 pages
Preview: Thresholding Configuration Guide
Thresholding Configuration Guide163 pages
Preview: Installation Guide
Installation Guide317 pages
Preview: Installation And Administration Guide
Installation And Administration Guide95 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco ASR 5000 Series and is the answer not in the manual?

Cisco ASR 5000 Series Specifications

General IconGeneral
BrandCisco
ModelASR 5000 Series
CategoryNetwork Router
LanguageEnglish

Related product manuals