02-19-2002 07:40 AM - edited 03-08-2019 09:51 PM
Is it possible to only shun systems originating from my own IP address range? In other words, not shun external attacks (yet).
And, how would I be able to do that?
Thank you.
02-19-2002 09:17 AM
This should be possible by not specifying your internal net/IP in CSPM or the Director.
For example:
If you have a device such as a proxy server which services outbound requests to the net, you can exclude this, so it is never shunned.
02-19-2002 11:41 AM
I think you might be able to do this, if you are shunning on a router.
You can set up a PreShunACL for the interface(s) where you are
shunning. In this ACL add entries allowing all packets that
originate from outside your network. (The sensor shuns are
inserted into the interface ACL after the PreShunACL entries, and
the router will allow the packet before it encounters the shun entry.)
Caution is advised however, because allowing all outside traffic
may not be the policy you want to set on that interface.
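The ordering described in the reply above, modelled as an added example that is not part of the original thread or of any Cisco tool: a first-match ACL whose PreShunACL permits precede the sensor's shun entries. The internal range `10.0.0.0/8`, the shunned addresses and the trailing permit-all entry are constructed assumptions.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the thread).
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
SHUNNED = ["10.1.2.3", "203.0.113.7"]  # one internal host, one external host


def pre_shun_permits(internal):
    """Prefixes covering every source address outside `internal`.

    An ACL entry cannot say "not 10.0.0.0/8", so "everything from outside"
    has to be written as the list of prefixes that make up the complement.
    """
    everything = ipaddress.ip_network("0.0.0.0/0")
    return sorted(everything.address_exclude(internal))


def build_acl(internal, shunned_hosts):
    """Ordered entries: PreShunACL permits, then shun denies, then the rest.

    The final permit-all stands in for whatever the interface ACL contains
    after the shun entries; it is an assumption of this example.
    """
    acl = [("permit", net) for net in pre_shun_permits(internal)]
    acl += [("deny", ipaddress.ip_network(host)) for host in shunned_hosts]
    acl.append(("permit", ipaddress.ip_network("0.0.0.0/0")))
    return acl


def evaluate(acl, src):
    """Return the action of the first entry matching `src` (first match wins)."""
    addr = ipaddress.ip_address(src)
    for action, net in acl:
        if addr in net:
            return action
    return "deny"  # implicit deny when nothing matches


if __name__ == "__main__":
    acl = build_acl(INTERNAL, SHUNNED)
    for action, net in acl:
        print(f"{action:6} {net}")
    for src in ("10.1.2.3", "203.0.113.7", "10.9.9.9"):
        print(src, "->", evaluate(acl, src))
```

The external shunned host is permitted because a PreShunACL entry matches it first, which is also why those permits let every outside source past anything placed later in the ACL.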