Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

How to completely disable SHUN?

Hi there,

I have an ASA5510 running Software Version 8.4(4)5. I notice that my users complain that they lose connection to a particular server behind the firewall for about an hour and then they're able to connect normally.

I did some checking and i found out that the server gets shunned for about an hour, prevent access to it.

Is there a way to completely disable the shun 'feature' on the ASA?

Thanks in advanced

2 REPLIES

How to completely disable SHUN?

Hello Ja,

This is due to treath detection as this is done dinamically,

So you will need to disable scanning and treath detection

U could use the following command to do a filter :

threat-detection scanning-threat shun except ip-address 10.1.1.0 255.255.255

But if u really want to remove it just add a no in front of the treath detection scanning-threath config,

For Networking Posts check my blog at http://laguiadelnetworking.com/


Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
New Member

How to completely disable SHUN?

Hi! Thanks, i'll test it out and respond here.

802
Views
0
Helpful
2
Replies
CreatePlease to create content