Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hello - I have an ASA as our external firewall. I have enabled basic threat detection and scanning threat detection. Given that I cannot seem to get the shun mechanism to work properly, I have configured it as strictly as possible (monitoring window ...
Can anyone help with this? I am getting events from our ASA showing numerous port scans but for some reason, the device is not shunning them. I have seen the device shun people but it seems to be hit or miss (mostly miss) as to when it does it.
Attached is the output from that command. Sorry it took so long. Had to put out some other fires. We have an event correlation engine which we ship all the events from the firewall to. This engine creates alerts when it suspects a port scan is being ...
Thank you for your help!I use the ASDM (I know, I know). I have the box next to "Enable scanning threat detection" checked, the box next to "Shun hosts detected by scanning threat" checked and the Shun Duration is set to 3000. I have posted a screens...