Cisco Support Community

New Member

Is blocking supported with version 4.0 sensors?

I am testing VMS 2.1. Event Viewer under Security Monitor just told me that blocking was only supported in 3.0 sensors. So is there no shun support with a 4.0 sensor?

7 REPLIES
New Member

Re: Is blocking supported with version 4.0 sensors?

As far as I'm aware, shunning based on a signature match response is supported under version 4.0. Manually creating a shun through the SecMon is not supported for 4.0 sensors.

New Member

Re: Is blocking supported with version 4.0 sensors?

Thanks for the reply. Does anyone know if there is a way to do manual shunning through VMS on a 4.0 sensor?

Cisco Employee

Re: Is blocking supported with version 4.0 sensors?

Hi Chad,

Currently this is not available, but most likely it will make it to the IDSMC/SecMon 1.2 release.

Thanks,

yatin

Cisco Employee

Re: Is blocking supported with version 4.0 sensors?

All,

By mistake I said the IDSMC/SecMon 1.2 release will have the manual shun.

It should have been IDSMC/SecMon 1.3 instead.

1.2 does not have the manual shun feature.

Yatin

Cisco Employee

Re: Is blocking supported with version 4.0 sensors?

Until manual shun support is added to IDSMC/SecMon, the workaround would be to log in to the IDM of the sensor itself and execute the manual shun.

Cisco Employee

Re: Is blocking supported with version 4.0 sensors?

You may want to do your testing with VMS 2.2:

http://www.cisco.com/kobayashi/sw-center/sw-cw2000.shtml

You can download the VMS 2.2 with a 90-day eval from the location above.

This should include SecMon 1.2, which was to include this manual shun feature.

As a workaround, you could always telnet or SSH into your PIX and use the shun command available there if you see an interesting event in the SecMon Event Viewer if you continue to test with VMS 2.1.

peter

New Member

Re: Is blocking supported with version 4.0 sensors?

Besides SecMon based Manual Shun, are there any plans to allow Event Rules to issue shuns?
