show threat-detection service remote-access-authentication details
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-13-2025 05:53 AM
Hello I configured Threat detection on my FTD firewall over the weekend. Can someone please explain what the disabled section of this command means?
Anyways. It appears to be working. However, I'm a bit confused with the command:
* show threat-detection service remote-access-authentication details
specifically the disabled section. I understand the blocking (shuned IP's) section but I don't understand the disabled part. Can someone please explain?
show threat-detection service remote-access-authentication details
State : Enabled
Hold-down : 10 minutes
Threshold : 8
Stats:
failed : 0
blocking : 5
recording : 142
unsupported : 0
disabled : 4944
Total entries: 46
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-13-2025 06:01 AM
-
Failed—A failure occurrence when processing the reported occurrence.
-
Blocking—The reported occurrence is within the hold-down period and the threshold was met or exceeded. As a result, the service automatically installed a shun to block the mischievous peer.
-
Recording—The reported occurrence is outside of the hold-down period, or the threshold was met or exceeded. As a result, the service will record the occurrence.
-
Unsupported—The reported occurrence does not currently support automatic shunning.
-
Disabled—An occurrence was reported; but the service has been disabled.
MHM
