https://community.cisco.com/t5/network-security/pix-shun-list/m-p/245672#M593427 <HTML><HEAD></HEAD><BODY><P>The shun command was designed to allow external IDS to stop attacks at the fw, so they never end in the configuration. You need to use access-list.</P><P></P><P>BTW, it would be much easier to maintain a list of forbidden addresses if you had a 6.2 or later version, as they allow you to create an object group with all the undesired IP addresses and block them all with only an entry on the ACL.</P><P></P><P>Regards.</P></BODY></HTML> Fri, 09 Apr 2004 18:07:04 GMT jose.couto 2004-04-09T18:07:04Z https://community.cisco.com/t5/network-security/pix-shun-list/m-p/245671#M593426 <P>We have added shuns for many spam email servers to help reduce the amount of spam that gets into our smtp server. The problem is that when the PIX is power cycled it looses all of the shunned IP addresses. Is there a way to keep them in the PIX after a power cycle?</P><P></P><P>PIX 515 Ver 6.1.4</P><P></P> Fri, 21 Feb 2020 07:20:12 GMT https://community.cisco.com/t5/network-security/pix-shun-list/m-p/245671#M593426 irlitewave 2020-02-21T07:20:12Z https://community.cisco.com/t5/network-security/pix-shun-list/m-p/245672#M593427 <HTML><HEAD></HEAD><BODY><P>The shun command was designed to allow external IDS to stop attacks at the fw, so they never end in the configuration. You need to use access-list.</P><P></P><P>BTW, it would be much easier to maintain a list of forbidden addresses if you had a 6.2 or later version, as they allow you to create an object group with all the undesired IP addresses and block them all with only an entry on the ACL.</P><P></P><P>Regards.</P></BODY></HTML> Fri, 09 Apr 2004 18:07:04 GMT https://community.cisco.com/t5/network-security/pix-shun-list/m-p/245672#M593427 jose.couto 2004-04-09T18:07:04Z