Cisco Support Community
Community Member

IPS not shunning on PIX

I have an IPS 4255. I wanted to configure it so that it can shun the attacks that come in on the PIX firewall. I have made the device profile and added the firewall in blocking devices. I have given all the parameters for telnet and I even tried with SSH, but I am still not able to do the shunning on the firewall. The same IPS is able to block attacks for routers, but it is not working with the firewall.

In IPS static I see the following:

section NetDevice
Type PIX
Communications telnet
ResponseCapabilities block
section NeverBlock
IP x.219.212.220
section State
BlockEnable true
section NetDevice
AclSupport Does not use ACLs
Version 0
State Inactive
Firewall-type PIX

Please help me out.


Re: IPS not shunning on PIX

If you can run a sniffer such as Ethereal/Wireshark between your 4255 and PIX, you can watch the telnet session with the "follow session" option on your sniffer. This will give you a great indication of what is going on between those two devices.

Cisco Employee

Re: IPS not shunning on PIX

The best indication of what is wrong is usually in the event store. If you do a show events from the CLI, and then stop/start blocking (either from IDM or another CLI session), you should see ARC connecting to all its devices. Any connection issues should produce an error message. (Note: stopping and starting ARC forces the reconnects. You could always just watch the event store, as ARC will periodically try to connect to the device.)
