Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
253
Views
2
Helpful
1
Replies

show threat-detection service remote-access-authentication details

manriquej
Level 1
Level 1

‎01-13-2025 05:53 AM

Hello I configured Threat detection on my FTD firewall over the weekend.  Can someone please explain what the disabled section of this command means?  

https://www.cisco.com/c/en/us/support/docs/security/secure-firewall-threat-defense/222383-configure-threat-detection-for-remote-ac.html

Anyways. It appears to be working. However, I'm a bit confused with the command:

* show threat-detection service remote-access-authentication details

specifically the disabled section. I understand the blocking (shuned IP's) section but I don't understand the disabled part. Can someone please explain?

show threat-detection service remote-access-authentication details

State : Enabled
Hold-down : 10 minutes

Threshold : 8
Stats:
failed : 0
blocking : 5
recording : 142
unsupported : 0
disabled : 4944
Total entries: 46

1 Reply 1

MHM Cisco World
VIP
VIP

‎01-13-2025 06:01 AM

  • Failed—A failure occurrence when processing the reported occurrence.

  • Blocking—The reported occurrence is within the hold-down period and the threshold was met or exceeded. As a result, the service automatically installed a shun to block the mischievous peer.

  • Recording—The reported occurrence is outside of the hold-down period, or the threshold was met or exceeded. As a result, the service will record the occurrence.

  • Unsupported—The reported occurrence does not currently support automatic shunning.

  • Disabled—An occurrence was reported; but the service has been disabled.

MHM

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card