Hi,
I have configured threat-detection on an ASA, and it does not seem to be shunning IP addresses that are scanning or SYN flooding.
I have the following config. Any suggestions why this may not be working? I have excluded my internal public and private IP addresses. Could that be making shun not work, since one end of the connection is my internal address? Is any part of the config missing?
threat-detection basic-threat
threat-detection scanning-threat shun except ip-address x.x.x.x 255.255.240.0
threat-detection scanning-threat shun except ip-address 10.20.0.0 255.255.0.0
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200