1 Reply Latest reply on Jul 27, 2017 2:47 PM by rth67

    CISCO ASA EPS ISSUE

    kamlakarkadam

      Dear Team,

      we have integrated CISCO ASA 5585 firewall model with McAfee ERC. We are getting the 5000+ EPS from the CISCO ASA firewall via 10GB pipe.

      so it is normal EPS? or what is the normal EPS of cisco ASA firewall???

       

      we have also changed the logging level on the CISCO ASA and set to severity, 6 still we are getting 5000+ EPS on ERC. Hence our ERC VM12 goes down its EPS limit is 5000.

      So is there any workaround for the resolving this issue.

       

      regards,

      Kamlakar Kadam

        • 1. Re: CISCO ASA EPS ISSUE
          rth67

          Cisco ASA Firewall's are very noisy beasts. If there are events that you don't care about / need, you can do one of two things, create a Filter Rule to either Drop the, or send them to the ELM but not the ESM, or you can ask your Firewall Admin to exclude them from being sent. They can modify the syslog setup to exclude specific ASA ID's (tcp connection built, tcp connection teardown, udp connection built, udp connection teardown, etc...)

           

          When events come in to a Receiver, the Filter rules are applied prior to any parsing rules.