01-07-2016 07:41 AM - edited 03-10-2019 06:32 AM
ASA 5510: is there a solution to allow said 5510 unit to auto-blacklist an IP in a similar fashion to fail2ban for Linux? It is not so bad to shun an IP one at a time if it is only 4 or 5 IPs, but on those days when there are 77 IPs on the list to add... I can think of much better uses of our time than banning IPs in the dozens one by one.
01-07-2016 05:22 PM
Yes, but you need the IPS module. As the 5510 is an older model, and IPS has been replaced by SourceFire (which you need a newer firewall to run), the best option is to replace your current firewall with a 5512 or 5515 and get the SourceFire module and licences for IPS rather than invest further money into your older system.
01-07-2016 09:08 PM
You can configure threat-detection auto shun. Depending on which statistic you use, it will auto-shun IPs based on denies from ACLs, scanning activity or state/TCP misbehaving. We use this on our older ASAs. You can set it to remove the shun after a set amount of time or leave it indefinitely.
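The threat-detection auto-shun described above, written out as an added ASA configuration example (not the poster's own config): the shun duration of 3600 seconds, the rate thresholds and the exempted host 192.0.2.10 are assumed values chosen for illustration.

```cisco
! Basic threat detection: generates syslogs for drop-rate anomalies (no shun by itself)
threat-detection basic-threat

! Scanning threat detection with automatic shun of attacking hosts.
! Without "duration" the shun stays until cleared manually; 3600 s is an assumed value.
threat-detection scanning-threat shun duration 3600

! Never auto-shun the management workstation (assumed address 192.0.2.10),
! so a misclassified scan cannot lock administrators out.
threat-detection scanning-threat shun except ip-address 192.0.2.10 255.255.255.255

! Rate thresholds that classify a host as a scanner (ASA defaults shown explicitly;
! tune after watching "show threat-detection scanning-threat" for false positives).
threat-detection rate scanning-threat rate-interval 600 average-rate 5 burst-rate 10
threat-detection rate scanning-threat rate-interval 3600 average-rate 4 burst-rate 8

! Per-ACL statistics feed the ACL-deny part of the classification
threat-detection statistics access-list

! Verification and cleanup from enable mode:
!   show threat-detection scanning-threat   - hosts currently classified as attackers/targets
!   show threat-detection shun              - hosts auto-shunned and time remaining
!   clear threat-detection shun 203.0.113.5 - release one auto-shunned host early
```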
06-28-2018 07:29 AM
Can you share your setup and config please?