Auto Ban IPs that offend on certain ports or services???

sycomix420
Level 1

ASA 5510: is there a solution to allow said 5510 unit to auto-blacklist an IP in similar fashion to fail2ban for Linux? It is not so bad to shun an IP one at a time if it is only 4 or 5 IPs, but on those days when there are 77 IPs on the list to add... I can think of much better uses of our time than banning IPs in the dozens one by one.

3 Replies

Philip D'Ath
VIP Alumni

Yes, but you need the IPS module. As the 5510 is an older model, and IPS has been replaced by Sourcefire (which you need a newer firewall to run), the best option is to replace your current firewall with a 5512 or 5515 and get the Sourcefire module and licences for IPS rather than invest further money into your older system.

David Niemann
Level 3

You can configure threat-detection auto shun. Depending on which statistic you use, it will auto shun IPs based on denies from ACLs, scanning activity or state/TCP misbehaving. We use this on our older ASAs. You can set it to remove the shun after a set amount of time or leave it indefinitely.
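
The threat-detection setup David describes, written out as an ASA configuration example (added here as an illustration, not David's own config); the shun duration, the rate thresholds and the 10.0.0.0/8 exception are assumed values to tune for your own traffic:

```text
! --- Added example: ASA threat-detection with automatic shun (not David's config) ---
! 1. Basic threat detection (on by default on most ASA images) plus per-statistic
!    tracking. access-list counts ACL denies; host/port/protocol feed the
!    scanning-threat detector that decides which hosts get shunned.
threat-detection basic-threat
threat-detection statistics access-list
threat-detection statistics host number-of-rate 2
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200

! 2. Scanning-threat detection with auto shun. "duration" is in seconds;
!    omit it to keep the shun until it is cleared by hand (assumed value: 1 hour).
threat-detection scanning-threat shun duration 3600
! Never shun your own management and monitoring ranges (assumed: 10.0.0.0/8).
threat-detection scanning-threat shun except ip-address 10.0.0.0 255.0.0.0

! 3. Optional: the rate at which a host is classified as a scanner.
!    Average and burst rates are events per second over the interval (assumed values).
threat-detection rate scanning-threat rate-interval 600 average-rate 5 burst-rate 10

! --- Verification and day-to-day operation (exec mode) ---
! show threat-detection scanning-threat    ! hosts currently flagged as attackers
! show threat-detection shun               ! auto-shunned hosts with time remaining
! show shun                                ! every shun, manual (shun <ip>) and automatic
! clear threat-detection shun 203.0.113.5  ! release one host early (example address)
! clear threat-detection shun              ! release all automatic shuns
```

Only the scanning-threat detector adds shuns; basic threat detection and the access-list statistics raise syslog 733100-series messages instead, which is useful for watching thresholds for a few days before turning the shun on.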

Can you share your setup and config please?


Abdullo Salikhov
Dushanbe, Tajikistan