I'm trying to configure blocking with PIX. I have configured the IDS with the PIX parameters in order to make the blocking, but in the Manual Blocking page of the DeviceManager in the field "Net Device Status" it shows password_sent, it never shows active.
I can make telnet from the ids to the pix succesfuly.
What ids version are you using? In 3.1 there is a known issue connecting to pix using version 6.2.1 with telnet. If you use ssh and 3des it will work fine. Upgrading to 4.0 will also solve the problem.
With ssh the blocking is working. But now, the shunned IP never is un-shunned from the firewall.
I have configured ICMP echo request signature to block for 3 minutes. When the ping starts the source IP is blocked, 3 minutes later the manual blocking page shows when the block ends and the IP disappears from the blocked IPs, but in the PIX it is still shunned, I can see this using show shun statistics command in the firewall.
When the test is made with manual blocking of IDS-DM it works fine.
The /usr/nr/var/errors.managed.(pid) file doesn't show errors related with the IP address that should be unshunned. Also, there aren't lines in /usr/nr/etc/managed.conf containing entries related with time.
In the file /usr/nr/var/log.200305150934 there is a message reporting the shunning of the IP and a message reporting the unshun of the ip.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...