Does Cisco ASA firewall provide DDoS protection?

Hi, I would like to know whether the cisco ASA firewall provide the DDoS protection ? If yes, then how & if no, then request you to suggest the solution that we can use along with the existing ASA firewall in place ?

Hello Shivani

The ASA provides basic DoS attack detection by monitoring the rates at which packets are dropped for various reasons. It generates statistics that can then be analyzed, and the type of attack being experienced can be determined. For information about this feature, take a look at the following documents:

Now distributed DoS attacks (DDoS) are a different story. Because these are by definition distributed, it is not possible for an ASA to detect them, let alone protect against them, because of the fact that there are many different sources of such attacks by the “distributed” definition. In order to achieve this, you would need to use a Next-Generation FireWall (NGFW) such as Cisco FirePower or similar products from other vendors.

I hope this has been helpful!


Thanks for the clarification.

1 Like