
Create parameter map
parameter-map type inspect param-1
audit-trail on (turn on the audit trail)
udp idle-time 60 (UDP idle timeout of 60 seconds, i.e. 1 minute)
alert on (the default is already on, so this line does not appear in show run | s parameter-map; it turns on alert messages to your console)
icmp idle-time 5 (ICMP idle timeout of 5 seconds)
dns-timeout 60 (DNS timeout of 60 seconds, i.e. 1 minute)
tcp max-incomplete host 10 block-time 10 (TCP SYN flood prevention: block a host that is establishing more than 10 embryonic (half-open) sessions, for 10 minutes)
sessions maximum 1000 (maximum of 1000 sessions)
Create class map
class-map type inspect match-any cmap-2
description FTP and TFTP classification
match protocol ftp
match protocol tftp
Create policy-map
policy-map type inspect pmap-2
description Policy based on cmap-2
class type inspect cmap-2
inspect param-1
police rate 512000 burst 96000
class class-default
drop
Apply policy to zone-pairs
zone-pair security out-to-in source outside destination inside
service-policy type inspect pmap-2
Normal burst value: configured rate (bps) / 8 to convert to bytes per second, multiplied by 1.5 seconds (for the 512000 bps rate above, 512000 / 8 * 1.5 = 96000 bytes, which is the burst configured in pmap-2).
Extended burst: double the normal burst value.
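As an added example (not part of the original notes or of any Cisco tool), the script below checks a captured running-config against the settings above: it confirms each inspect parameter-map explicitly carries audit-trail, sessions maximum and tcp max-incomplete (alert on is skipped because, as noted, the default is not displayed), and verifies every police line's burst against the rate / 8 * 1.5 rule. The sample config is constructed to mirror this page, and the REQUIRED_PARAMS list is an assumed baseline.

```python
import re

# Constructed sample of "show run | section parameter-map|policy-map" output,
# mirroring the configuration on this page (not captured from a real device).
SAMPLE_CONFIG = """\
parameter-map type inspect param-1
 audit-trail on
 udp idle-time 60
 icmp idle-time 5
 dns-timeout 60
 tcp max-incomplete host 10 block-time 10
 sessions maximum 1000
policy-map type inspect pmap-2
 class type inspect cmap-2
  inspect param-1
  police rate 512000 burst 96000
 class class-default
  drop
"""

# Assumed baseline: settings that must be present explicitly. "alert on" is the
# IOS default and is not shown in the running-config, so it is not listed here.
REQUIRED_PARAMS = ("audit-trail on", "sessions maximum", "tcp max-incomplete host")

def parse_parameter_maps(config):
    """Return {map_name: [sub-commands]} for each 'parameter-map type inspect' block."""
    maps, current = {}, None
    for line in config.splitlines():
        m = re.match(r"parameter-map type inspect (\S+)", line)
        if m:
            current = m.group(1)
            maps[current] = []
        elif current and line.startswith(" "):
            maps[current].append(line.strip())
        else:
            current = None  # a new top-level block ends the parameter-map
    return maps

def missing_params(config, required=REQUIRED_PARAMS):
    """List (map_name, setting) pairs where a required setting is absent."""
    return [(name, req) for name, lines in parse_parameter_maps(config).items()
            for req in required if not any(l.startswith(req) for l in lines)]

def normal_burst(rate_bps, seconds=1.5):
    """Burst in bytes: rate (bps) / 8 gives bytes per second, times the 1.5 s window."""
    return int(rate_bps / 8 * seconds)

def check_police_bursts(config):
    """For each 'police rate R burst B' line return (rate, burst, normal, extended, ok)."""
    results = []
    for m in re.finditer(r"police rate (\d+) burst (\d+)", config):
        rate, burst = int(m.group(1)), int(m.group(2))
        normal = normal_burst(rate)
        results.append((rate, burst, normal, 2 * normal, burst == normal))
    return results
```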