Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
467
Views
0
Helpful
1
Replies

NeverShunAddress Token for Resets ?

ktimm
Level 1
Level 1

‎01-14-2002 11:55 AM - edited ‎03-08-2019 09:34 PM

Does the NeverShunAddress token work for resets ? If not is there a token for NeverReset ?

Labels:
0 Helpful
1 Reply 1

marcabal
Cisco Employee
Cisco Employee

‎01-14-2002 12:54 PM

The NeverShunAddress will not affect whether or not the sensor resets a TCP connection.

If you have a signature configured with a TCP Reset action, there are only 3 methods to prevent the TCP Reset from happening.

1) Use a switch which can prevent incoming packets from a SPAN port. This will of course prevent any and all TCP Resets from the sensor.

2) Set the action for the signature to None or an action such as Shun or IP Log without TCP Resets. No connections matching that signature will then be reset.

3) Exclude the signature for a given address set. This will prevent an alarm from firing for a given set of source and destination addresses for the signature. The TCP Resets will not get sent if the signature exclusions prevents the creation of the alarm.

0 Helpful
Customers Also Viewed These Support Documents