cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
657
Views
0
Helpful
3
Replies

Default time for IDM to block hosts

tcavdar
Level 1
Level 1

In IDS 4.0 what is the default time for IDM to block hosts(in access-list for a router)?And this time is configurable?

1 Accepted Solution

Accepted Solutions

From the sensor CLI:

config term

service virtual-sensor-configuration virtualSensor

tune

shunEvent

ShunTime (minutes to block hosts)

From IDM:

Click Configuration

Click Blocking

Click Blocking properties

Update the Block Time input control.

Note: This was recently added to IDM, so you may need

to upgrade to the latest IDS software.

View solution in original post

3 Replies 3

tcavdar
Level 1
Level 1

I have learnt that it is 30 minutes...

How can i change it?

From the sensor CLI:

config term

service virtual-sensor-configuration virtualSensor

tune

shunEvent

ShunTime (minutes to block hosts)

From IDM:

Click Configuration

Click Blocking

Click Blocking properties

Update the Block Time input control.

Note: This was recently added to IDM, so you may need

to upgrade to the latest IDS software.

note that this affects ALL signatures. When you apply it, your sensor will have to generate new cache files..so it will act just like if you tuned a sig.