Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
881
Views
0
Helpful
1
Replies

Add src ip to blacklist when trigger intrusion rule

Ben Chen
Level 1
Level 1

‎05-14-2018 03:42 AM - edited ‎02-21-2020 07:45 AM

Hello,

 

I'm using firepower 4110 of now and is it possible when some host trigger intrusion rule then system auto add that ip into blacklist for a while?

 

If can, kindly tell me how to do that ,thank you.

 

Regards,

Ben

Labels:
0 Helpful
1 Reply 1

yogdhanu
Cisco Employee
Cisco Employee

‎05-14-2018 05:23 AM

Hi

 

You can do that using ISE host remediation.

You would need to integrate FMC to ISE which would quarantine the host with dacl on switch using policies configured on FMC.

 

Hope it helps,

Yogesh

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card