IPS not shunning on PIX

Unanswered Question
Mar 9th, 2008

I have an IPS 4255. I wanted to configure it so that it can shun the attacks that come in on the PIX firewall. I have made the device profile and added the firewall in blocking devices. I have given all the parameters for telnet and even tried with SSH. But still I am not able to do the shunning on the firewall, though the same IPS is able to block attacks for routers. It is not working with the firewall.

In the IPS statistics I see the following:

section NetDevice
  Type PIX
  Communications telnet
  ResponseCapabilities block
section NeverBlock
  IP x.219.212.220
section State
  BlockEnable true
section NetDevice
  AclSupport Does not use ACLs
  Version 0
  State Inactive
  Firewall-type PIX

Please help me out.
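The statistics dump in the question is the first place to look: the device entry under State reports "State Inactive", meaning ARC has not established its management session to the PIX. The following parser is an added example, not code from the original thread or from Cisco; it groups the flattened "section NAME" / "Key value" lines into sections and reports any blocking device that is not Active while blocking is enabled. The sample text and the 192.0.2.x addresses are constructed placeholders modelled on the dump above.

```python
import re

# Constructed sample in the same flattened layout as the question's dump.
# Addresses are placeholders, not values from the original post.
SAMPLE = """\
section NetDevice
Type PIX
IP 192.0.2.1
Communications telnet
ResponseCapabilities block
section NeverBlock
IP 192.0.2.220
section State
BlockEnable true
section NetDevice
IP 192.0.2.1
AclSupport Does not use ACLs
Version 0
State Inactive
Firewall-type PIX
"""

SECTION_RE = re.compile(r"^section\s+(\S+)$")


def parse_sections(text):
    """Return a list of (section_name, {key: value}) in document order.

    Values may contain spaces ("Does not use ACLs"), so each line is split
    on the first space only. Lines before any "section" header go into a
    section named "_top".
    """
    sections = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = SECTION_RE.match(line)
        if match:
            current = (match.group(1), {})
            sections.append(current)
            continue
        if current is None:
            current = ("_top", {})
            sections.append(current)
        key, _, value = line.partition(" ")
        current[1][key] = value.strip()
    return sections


def blocking_enabled(text):
    """True when the State section reports BlockEnable true."""
    return any(name == "State" and fields.get("BlockEnable") == "true"
               for name, fields in parse_sections(text))


def inactive_devices(text):
    """Return the NetDevice entries (from the State part of the dump) whose
    State field is anything other than Active, with type and address."""
    found = []
    for name, fields in parse_sections(text):
        if name != "NetDevice" or "State" not in fields:
            continue  # configuration-side NetDevice entries carry no State
        if fields["State"].lower() != "active":
            found.append({
                "ip": fields.get("IP", "?"),
                "type": fields.get("Firewall-type", fields.get("Type", "?")),
                "state": fields["State"],
            })
    return found


def report(text):
    """Human-readable summary of what the dump says about blocking."""
    lines = [f"blocking enabled: {blocking_enabled(text)}"]
    for dev in inactive_devices(text):
        lines.append(f"device {dev['ip']} ({dev['type']}) is {dev['state']}: "
                     "ARC has no working session to this device")
    if len(lines) == 1:
        lines.append("all blocking devices are Active")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE))
```

Feed it the output of the sensor's network-access statistics (saved from a CLI session) instead of SAMPLE; a device listed as Inactive while BlockEnable is true points at the telnet/SSH login to that device rather than at the signature or blocking configuration.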

rhermes Thu, 03/13/2008 - 10:02

If you can run a sniffer such as Ethereal/Wireshark between your 4255 and PIX, you can watch the telnet session with the "follow session" option on your sniffer. This will give you a great indication of what is going on between those two devices.

jlively Mon, 03/17/2008 - 14:30

The best indication of what is wrong is usually in the event store. If you do a show events from the CLI, and then stop/start blocking (either from IDM or another CLI session), you should see ARC connecting to all its devices. Any connection issues should produce an error message. (Note: stopping and starting ARC forces the reconnects. You could always just watch the event store, as ARC will periodically try to connect to the device.)
