Cisco Support Community
Community Member

How to only shun internal systems

Is it possible to only shun systems originating from my own IP address range? In other words, not shun external attacks (yet).

And, how would I be able to do that?

Thank you.

Community Member

Re: How to only shun internal systems

This should be possible, by not specifying your internal net/IP in CSPM or the Director.

For example:

If you have a device such as a proxy server which services outbound requests to the net, you can exclude this, so it is never shunned.

Cisco Employee

Re: How to only shun internal systems

I think you might be able to do this, if you are shunning on a router.

You can set up a PreShunACL for the interface(s) where you are shunning. In this ACL, add entries allowing all packets that originate from outside your network. (The sensor shuns are inserted into the interface ACL after the PreShunACL entries, and the router will allow the packet before it encounters the shun entry.)

Caution is advised, however, because allowing all outside traffic may not be the policy you want to set on that interface.
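Added example, not posted by anyone in this thread and not Cisco's own code: a small first-match ACL evaluator that models the ordering effect described above. The PreShunACL permits every non-internal source, the sensor's shun entries follow it, and a trailing permit-any is assumed so ordinary traffic still flows. The internal range (10.0.0.0/8), the attacker addresses and the test packets are constructed sample data. Because ACL entries only match positively, "outside your network" has to be expressed as the CIDR complement of the internal range; the example computes that complement rather than hand-listing it.

```python
"""Model of a router ACL built from PreShunACL entries + sensor shun entries.

Added example for the thread above (not Cisco sample code). Assumptions:
  - internal range is 10.0.0.0/8 (constructed)
  - the sensor lays out the interface ACL as: PreShunACL entries,
    then "deny ip host <attacker> any" shun entries, then a permit-any
    (the final permit-any is an assumption, not stated in the thread)
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class AclEntry:
    action: str                       # "permit" or "deny"
    source: ipaddress.IPv4Network     # source address match
    comment: str = ""                 # where the entry came from


# Constructed: the address range we consider "inside" and want shuns to hit.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")


def pre_shun_entries(internal: ipaddress.IPv4Network) -> list[AclEntry]:
    """PreShunACL entries permitting every source that is NOT internal.

    An ACL cannot say "permit anything not internal", so the outside is
    written as the set of CIDR blocks covering 0.0.0.0/0 minus the
    internal range (8 entries for a /8).
    """
    everything = ipaddress.ip_network("0.0.0.0/0")
    return [AclEntry("permit", net, "PreShunACL: outside source")
            for net in everything.address_exclude(internal)]


def shun_entries(attackers: list[str]) -> list[AclEntry]:
    """Entries the sensor would insert for each shunned host (deny ip host X any)."""
    return [AclEntry("deny", ipaddress.ip_network(f"{a}/32"), "sensor shun")
            for a in attackers]


def build_interface_acl(internal: ipaddress.IPv4Network,
                        shunned: list[str]) -> list[AclEntry]:
    """Assemble the ACL in the order the thread describes: pre-shun first, shuns after."""
    default_permit = AclEntry("permit", ipaddress.ip_network("0.0.0.0/0"),
                              "default permit (assumed)")
    return pre_shun_entries(internal) + shun_entries(shunned) + [default_permit]


def evaluate(acl: list[AclEntry], src: str) -> tuple[str, str]:
    """First-match evaluation, the way a router walks an access list."""
    addr = ipaddress.ip_address(src)
    for entry in acl:
        if addr in entry.source:
            return entry.action, entry.comment
    return "deny", "implicit deny"


def demo() -> dict[str, tuple[str, str]]:
    """Constructed scenario: one internal and one external host are shunned."""
    shunned = ["10.1.2.3", "203.0.113.9"]
    acl = build_interface_acl(INTERNAL_NET, shunned)
    probes = shunned + ["10.9.9.9", "198.51.100.7"]   # unshunned inside / outside hosts
    return {src: evaluate(acl, src) for src in probes}


if __name__ == "__main__":
    for src, (action, why) in demo().items():
        print(f"{src:>14}  {action:6}  ({why})")
```

Running it shows the internal attacker 10.1.2.3 hitting the shun deny, while the external attacker 203.0.113.9 is permitted by a PreShunACL entry before the shun is ever consulted. It also makes the caution in the reply concrete: those broad permit entries sit ahead of everything else on the interface, so any later deny for an outside source (not just the shuns) is shadowed the same way.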
