When I implement Shunning with the E0 interface on my IDS_Router to SHUN via OUT direction, I noticed a strange permit statement in the Shunning Access-list which seems to be allowing the IDS_Sensor's IP to come in from the outside.
IP address 192.168.10.10 is the NAT public address of my Sensor.
IDS_Router>show ip access-list
Extended IP access list IDS_Ethernet0_out_0
permit ip host 192.168.10.10 any
permit ip any any
I realised that the "permit statement" for Sensor's IP address was there because by default we do not check the box under "device management" / "Allow device to shun sensor".
This permit statement is clearly wrong in my situation. Does it have anything to do with how I place the sensor? Does anyone else have this problem?
Re: permit statement for Sensor in Shun-Access-list
Managed won't know if the interface it is shunning on is the same interface it uses to telnet into the router.
If it is the same interface then the permit statement is needed to ensure that managed can always get into the router.
If the interface is not the same interface that managed is telnetting into, then you use that option you mentioned to allow the sensor to shun its own IP address, and managed will not put the sensor's IP address at the top of the ACL.
(You will then also be allowed to shun the sensor's IP address in case someone else tries using it, i.e. it permits managed to put in a deny statement for the sensor's IP address when it gets a shun request for the sensor IP, which it won't do otherwise.)
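To make the two behaviours described above concrete, here is an added example (not from the thread or from Cisco): a small model of how the shun ACL is built and evaluated first-match, showing that a shun for the sensor's own IP has no effect while the `permit ip host <sensor>` entry sits at the top, and only takes effect when the "Allow device to shun sensor" option is set. The sensor address and ACL name come from the thread; the shunned host 203.0.113.45 is constructed, and the rule-building logic is a simplified model of Managed's behaviour, not its implementation.

```python
"""Model of the Managed shun ACL (added example, simplified; not Cisco code).
Addresses: 192.168.10.10 from the thread, 203.0.113.45 constructed."""

SENSOR_IP = "192.168.10.10"  # sensor's NAT public address (from the thread)


def build_shun_acl(sensor_ip, shunned, allow_shun_sensor=False):
    """Return the ACL as (action, source) tuples in evaluation order.

    Default: the sensor is permitted first so Managed can always reach the
    router, and a shun request for the sensor's own IP is ignored.
    With allow_shun_sensor=True the leading permit is omitted and a shun
    request for the sensor IP becomes a real deny."""
    acl = []
    if not allow_shun_sensor:
        acl.append(("permit", sensor_ip))
    for host in shunned:
        if host == sensor_ip and not allow_shun_sensor:
            continue  # Managed will not deny the sensor while it is permitted
        acl.append(("deny", host))
    acl.append(("permit", "any"))  # the trailing 'permit ip any any'
    return acl


def evaluate(acl, src_ip):
    """First matching entry wins, as on a Cisco extended ACL."""
    for action, source in acl:
        if source == "any" or source == src_ip:
            return action
    return "deny"  # implicit deny if nothing matched


def render(acl, name="IDS_Ethernet0_out_0"):
    """Render the model in 'show ip access-list' style for comparison."""
    lines = [f"Extended IP access list {name}"]
    for action, source in acl:
        src = "any" if source == "any" else f"host {source}"
        lines.append(f"    {action} ip {src} any")
    return "\n".join(lines)


if __name__ == "__main__":
    shuns = ["203.0.113.45", SENSOR_IP]  # second entry: someone spoofing the sensor
    default = build_shun_acl(SENSOR_IP, shuns)
    print(render(default))
    print("traffic from sensor IP, default:", evaluate(default, SENSOR_IP))
    hardened = build_shun_acl(SENSOR_IP, shuns, allow_shun_sensor=True)
    print(render(hardened))
    print("traffic from sensor IP, option set:", evaluate(hardened, SENSOR_IP))
```

Run it as-is to see the default ACL reproduce the two permit lines from the question, and the option-set ACL carry a deny for the sensor address instead.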