I am using an ASA 5510 on our home/office network as firewall and router. Over the past hour the top usage status is showing 8+ million packet hits for HTTP traffic. That seems huge for a Saturday when no one is in the office and I only have 3 people at home.
I enabled the threat detection and it started blocking things like iPhone software updates. I added our internal network to the shun exclusion list.
I'm trying to figure out if this is attempted traffic coming to our site or some type of infected device inside my network going out.
Do you have any suggestions for me for determining where the issue is? I tried using the demo of FirePlotter, but it hasn't helped me track down the source.
Set up a syslog server for your network and configure the ASA to log to it. Use the logging trap informational command to send detailed logs to the syslog server. Analyse the syslog messages to see which devices are generating most of the traffic and to what destinations traffic is going.
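One way to do the analysis suggested in the reply above, as an added example that is not part of the original thread: a Python script that tallies ASA connection messages 302013 (Built) and 302014 (Teardown) by direction, inside host, remote host and service port, which separates traffic arriving from outside from traffic an internal device sends out. The interface names inside and outside are assumptions, the sample log lines are constructed, and only IPv4 TCP connections are parsed.

```python
import re
from collections import Counter

# Constructed sample in the ASA 302013 (Built) / 302014 (Teardown) message format.
SAMPLE_LOG = """\
%ASA-6-302013: Built outbound TCP connection 101 for outside:198.51.100.7/80 (198.51.100.7/80) to inside:192.168.1.23/50111 (203.0.113.5/50111)
%ASA-6-302013: Built outbound TCP connection 102 for outside:198.51.100.7/80 (198.51.100.7/80) to inside:192.168.1.23/50112 (203.0.113.5/50112)
%ASA-6-302013: Built inbound TCP connection 103 for outside:192.0.2.44/40000 (192.0.2.44/40000) to inside:192.168.1.10/80 (203.0.113.5/80)
%ASA-6-302014: Teardown TCP connection 101 for outside:198.51.100.7/80 to inside:192.168.1.23/50111 duration 0:00:02 bytes 1200 TCP FINs
%ASA-6-302014: Teardown TCP connection 102 for outside:198.51.100.7/80 to inside:192.168.1.23/50112 duration 0:00:03 bytes 800 TCP FINs
%ASA-6-302014: Teardown TCP connection 103 for outside:192.0.2.44/40000 to inside:192.168.1.10/80 duration 0:00:01 bytes 5000 TCP FINs
%ASA-6-302013: Built outbound TCP connection 104 for outside:198.51.100.9/443 (198.51.100.9/443) to inside:192.168.1.30/50200 (203.0.113.5/50200)
"""

BUILT = re.compile(
    r"%ASA-6-302013: Built (?P<dir>inbound|outbound) TCP connection (?P<id>\d+) for "
    r"(?P<if1>[^:\s]+):(?P<ip1>[\d.]+)/(?P<p1>\d+) \([^)]*\) "
    r"to (?P<if2>[^:\s]+):(?P<ip2>[\d.]+)/(?P<p2>\d+)")
TEARDOWN = re.compile(
    r"%ASA-6-302014: Teardown TCP connection (?P<id>\d+) for .*? bytes (?P<bytes>\d+)")

def top_talkers(log_text, inside_if="inside"):
    """Count connections and bytes per (direction, inside host, remote host, service port)."""
    open_conns, hits, volume = {}, Counter(), Counter()
    for line in log_text.splitlines():
        if m := BUILT.search(line):
            ends = {m["if1"]: (m["ip1"], m["p1"]), m["if2"]: (m["ip2"], m["p2"])}
            if len(ends) != 2 or inside_if not in ends:
                continue  # not a flow between the inside interface and another one
            local = ends.pop(inside_if)
            remote = next(iter(ends.values()))
            # Service port is the remote port when going out, the local port when coming in.
            port = remote[1] if m["dir"] == "outbound" else local[1]
            key = (m["dir"], local[0], remote[0], int(port))
            open_conns[m["id"]] = key
            hits[key] += 1
        elif m := TEARDOWN.search(line):
            key = open_conns.pop(m["id"], None)
            if key:  # teardown with no matching Built line in this capture is skipped
                volume[key] += int(m["bytes"])
    return hits, volume

if __name__ == "__main__":
    hits, volume = top_talkers(SAMPLE_LOG)
    for key, count in hits.most_common(10):
        print(*key, f"connections={count}", f"bytes={volume[key]}")
```

To run it against a real capture, pass the contents of the syslog file to top_talkers in place of SAMPLE_LOG; a single inside host dominating the outbound rows points at an internal device, while inbound rows to one inside address point at traffic arriving from outside.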
Hi, I have a similar problem, a MacBook in our network is being shunned many times per day by our ASA.
Every time this MacBook stops accessing the internet, the command show shun on the CLI gives me the IP address of this computer, so we perform a no shun to free him.
On the CLI, the command show threat-detection statistics host gives me a detailed output, as in the attached snapshot. I understand this MacBook activated the TRIGGER 5 times in the last 20 minutes, that's why it is being shunned every day.
My question is, how do I understand which triggers he activated?
I don't know if the MacBook is really doing something wrong, or if it is just an excessively restrictive rule on the ASA.