03-10-2015 02:18 AM - edited 03-11-2019 10:37 PM
Hello,
There are many logs related to the following:
"%ASA-4-401004: Shunned packet: IP_src ==> IP_dest"
I would like to know in more detail which threat detection rule was hit. It will be useful for me to adjust its Threat Detection setting.
Since "show threat-detection scanning-threat" or "show threat-detection rate" only shows the global summaries.
Thanks!
03-10-2015 07:18 AM
Hi,
You should have scanning threat detection enabled to get the packets shunned on the ASA device.
threat-detection scanning-threat shun
Now, if you want to change the threshold values for the Threat Detection, you can do that, but it would be very tedious, and you can see the defaults using this command:
sh run all threat-detection
Also, it has to be modified using this command:
threat-detection rate scanning-threat
Thanks and Regards,
Vibhor Amrodia
03-10-2015 08:00 PM
Hello,
Thanks, but how can it be more efficient to check which threat-detection rate value has reached its threshold?
For example, again, the syslog keeps showing "%ASA-4-401004: Shunned packet: IP_src ==> IP_dest"
But I have no idea which value I can adjust.
One idea is to keep running
> show threat-detection rate
to see which value rises faster and then adjust it. But that does not look efficient.
Thanks!
03-11-2015 05:01 AM
Hi,
I agree but this is the only way to modify the value and see which suits your network traffic the best. This is a reactive approach on this feature.
For this reason, we have the feature of exception for specific addresses from preventing them from getting exempted.
Thanks and Regards,
Vibhor Amrodia
03-11-2015 06:43 AM
Hi,
Do you mean using something like the following?
> threat-detection scanning-threat shun except ip-address IP_address netmask?
or others?
Thanks!
03-11-2015 06:47 AM
Hi,
Yes, if you see some of your important or high-traffic devices/hosts, we might need an exception.
The above way is how you can create an exception for the specific IP addresses.
Reference:-
http://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/T-Z/cmdref4/t1.html#pgfId-1563523
Thanks and Regards,
Vibhor Amrodia
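As an added example (not part of the thread and not Cisco code), the script below tallies the "%ASA-4-401004" messages discussed above per source address and prints `shun except` lines only for sources inside networks the operator already trusts. The log lines, the trusted network list, the host mask and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Matches the message quoted in the thread; text after the addresses is ignored.
SHUN_RE = re.compile(r"%ASA-4-401004: Shunned packet: (\S+) ==> (\S+)")

def shunned_sources(lines):
    """Count 401004 messages per shunned source address."""
    counts = Counter()
    for line in lines:
        m = SHUN_RE.search(line)
        if not m:
            continue
        try:
            counts[ipaddress.ip_address(m.group(1))] += 1
        except ValueError:
            continue  # placeholder or malformed address, skip it
    return counts

def exception_candidates(counts, trusted_networks, min_hits=1):
    """Build 'shun except' lines for shunned sources inside trusted networks."""
    nets = [ipaddress.ip_network(n) for n in trusted_networks]
    return [
        f"threat-detection scanning-threat shun except ip-address {src} 255.255.255.255"
        for src, hits in counts.most_common()
        if hits >= min_hits and any(src in net for net in nets)
    ]

# Constructed sample syslog lines using documentation address ranges.
SAMPLE_LOG = [
    "Mar 10 02:10:01 fw1 %ASA-4-401004: Shunned packet: 192.0.2.10 ==> 198.51.100.5 on interface inside",
    "Mar 10 02:10:02 fw1 %ASA-4-401004: Shunned packet: 203.0.113.7 ==> 198.51.100.5 on interface outside",
    "Mar 10 02:10:03 fw1 %ASA-4-401004: Shunned packet: 192.0.2.10 ==> 198.51.100.6 on interface inside",
    "Mar 10 02:10:04 fw1 %ASA-5-111008: User 'admin' executed the 'show threat-detection rate' command.",
    "Mar 10 02:10:05 fw1 %ASA-4-401004: Shunned packet: 192.0.2.20 ==> 198.51.100.5 on interface inside",
    "Mar 10 02:10:06 fw1 %ASA-4-401004: Shunned packet: 203.0.113.7 ==> 198.51.100.9 on interface outside",
    "Mar 10 02:10:07 fw1 %ASA-4-401004: Shunned packet: 192.0.2.10 ==> 198.51.100.5 on interface inside",
    "Mar 10 02:10:08 fw1 %ASA-4-401004: Shunned packet: IP_src ==> IP_dest",
]
TRUSTED = ["192.0.2.0/24"]  # assumption: networks the operator already trusts

if __name__ == "__main__":
    counts = shunned_sources(SAMPLE_LOG)
    for src, hits in counts.most_common():
        print(f"{src}\t{hits}")
    for cmd in exception_candidates(counts, TRUSTED, min_hits=2):
        print(cmd)
```

Sources outside the trusted list are only counted, never proposed for an exception, so the output is a review list rather than a change to apply blindly.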