We have an ASA 5510 and have it set to enable Threat Detection and "Shun hosts detected by scanning threat". I attached a screenshot of the ASDM. Once a month we send out a video to our member firms and one firm will continually get shunned. It happened again yesterday (2 weeks after the video was sent out) and I checked the web server logs - it was only accessed once by this firm. I did a test from a remote location and saw the same things in the web logs yet I did not get shunned. We don't have a syslog server, but is there a way to identify why this one location gets shunned when accessing our site?
You can use the command "show threat-detection scanning-threat target" to see which of your servers is being attacked as per the firewall. Also, you can use the command "show threat-detection statistics host " to see what kind of traffic that host was sending. That could give you a fair idea why the firewall is shunning the hosts. But typically, the firewall will classify a host as an attacker when it sees too many half open connections for that host. So, in your case, if the remote site host tries to open connection to your WEB server and tries it multiple times (sometimes it happens if they are using a proxy), then the firewall could classify that host as an attacker.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...