02-19-2002 07:40 AM - edited 03-08-2019 09:51 PM
Is it possible to only shun systems originating from my own IP address range? In other words, not shun external attacks (yet).
And, how would I be able to do that?
Thank you.
02-19-2002 09:17 AM
This should be possible by not specifying your internal net/IP in CSPM or the Director.
For example:
If you have a device such as a proxy server which services outbound requests to the net, you can exclude this, so it is never shunned.
02-19-2002 11:41 AM
I think you might be able to do this, if you are shunning on a router.
You can set up a PreShunACL for the interface(s) where you are
shunning. In this ACL add entries allowing all packets that
originate from outside your network. (The sensor shuns are
inserted into the interface ACL after the PreShunACL entries, and
the router will allow the packet before it encounters the shun entry.)
Caution is advised however, because allowing all outside traffic
may not be the policy you want to set on that interface.
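
A small model of the ordering described in the reply above, added here as an illustration and not taken from any post in the thread or from the sensor or router software: pre-shun permits come first, shun denies follow, and the first matching entry decides. The internal range 10.0.0.0/8, the shunned addresses and the trailing permit entry are assumptions made for the example.

```python
import ipaddress

# Assumption: constructed internal range; substitute your own.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")

def build_preshun_permits(internal):
    """Permit entries for every IPv4 source outside `internal`.

    A first-match ACL has no "not" operator, so the outside world is
    expressed as the prefixes that make up the complement of the range.
    """
    everything = ipaddress.ip_network("0.0.0.0/0")
    return [("permit", n) for n in sorted(everything.address_exclude(internal))]

def build_interface_acl(preshun, shunned_hosts):
    """Pre-shun entries, then one deny per shunned host, then permit any.

    The final permit is an assumption standing in for whatever policy
    follows the shun entries on the interface.
    """
    shuns = [("deny", ipaddress.ip_network(f"{h}/32")) for h in shunned_hosts]
    return preshun + shuns + [("permit", ipaddress.ip_network("0.0.0.0/0"))]

def evaluate(acl, src):
    """Return the action of the first entry whose network contains src."""
    addr = ipaddress.ip_address(src)
    for action, net in acl:
        if addr in net:
            return action
    return "deny"  # implicit deny when nothing matches

# Constructed sample: one internal and one external host the sensor shunned.
SHUNNED = ["10.1.2.3", "203.0.113.7"]
WITH_PRESHUN = build_interface_acl(build_preshun_permits(INTERNAL), SHUNNED)
WITHOUT_PRESHUN = build_interface_acl([], SHUNNED)

if __name__ == "__main__":
    for src in ["10.1.2.3", "10.9.9.9", "203.0.113.7", "198.51.100.20"]:
        print(f"{src:15} with pre-shun: {evaluate(WITH_PRESHUN, src):6} "
              f"without: {evaluate(WITHOUT_PRESHUN, src)}")
```

The same first-match behaviour is why the caution applies: any later deny for an outside source on that interface is bypassed by the pre-shun permits, not only the shun entries.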