I have set up my ASA as a blocking device in my ssm10. That part works fine. The problem is I had defined local networks in the "Never block Addresses" configuration box. Before long, the ASA had in fact shunned an address which was part of that "never block addresses" configuration. Does this configuration work when using ASA, or does it only work for IOS?
If it doesn't work, is the alternative to write an Event Action Filter to subtract the Block Host action?
When posting, please include the software versions you are using.
There is a known bug in 5.1(7) and earlier where the Never Block is not preventing blocks for addresses that are within a network address in the Never Block list.
However, this issue was fixed in 6.0 before 6.0(1) was released.
So if running 5.1 then you are likely hitting this known issue.
But if running 6.0 this may be a new issue.
And as you've stated, using an Event Action Filter to prevent the block request in the first place for those addresses is a good workaround. This workaround is also listed in the release notes for that bug mentioned above.