How to only shun internal systems

Unanswered Question
grimish Tue, 02/19/2002 - 09:17
User Badges:

This should be possible, by not specifying your internal net/ip in CSPM or the Director,

For example:

If you have a device such as a Proxy server which services outbound request to the net you can excluded this, so it is never shunned.

stleary Tue, 02/19/2002 - 11:41
User Badges:
  • Cisco Employee,

I think you might be able to do this, if you are shunning on a router.

You can set up a PreShunACL for the interface(s) where you are

shunning. In this ACL add entries allowing all packets that

originate from outside your network. ( The sensor shuns are

inserted into the interface ACL after the PreShunACL entries, and

the router will allow the packet before it encounters the shun entry ).

Caution is advised however, because allowing all outside traffic

may not be the policy you want to set on that interface.


This Discussion