I have IPS 4255. I wanted to configure it so that it can shun the attack that comes on pix firewall. I have made the device profile and add firewall in blocking devices. I have given all the parameters for telnet and even i try with ssh. But still i am not able to do the shunning on firewall. Though same IPS is able to block attack for routers. But not working with firewall.
If you can run a sniffer such as Ethereal/Wireshark between your 4255 and PIX you can watch the telnet session with the "follow session" option on your sniffer. This will give you a great indication what is going on between those two devices.
The best indication of what is wrong is usually in the event store. If you do a show events from the cli, and then stop/start blocking ( either from idm or another cli session), you should see arc connecting to all it's devices. Any connection issues should produce an error message. (Note: stopping and starting Arc forces the reconnects. You could always just watch the event store as Arc will periodically try to connect to the device).
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...