Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
596
Views
0
Helpful
1
Replies

PIX Shun List

irlitewave
Level 1
Level 1

‎04-08-2004 04:20 AM - edited ‎02-20-2020 11:20 PM

We have added shuns for many spam email servers to help reduce the amount of spam that gets into our smtp server. The problem is that when the PIX is power cycled it looses all of the shunned IP addresses. Is there a way to keep them in the PIX after a power cycle?

PIX 515 Ver 6.1.4

0 Helpful
1 Reply 1

jose.couto
Level 1
Level 1

‎04-09-2004 11:07 AM

The shun command was designed to allow external IDS to stop attacks at the fw, so they never end in the configuration. You need to use access-list.

BTW, it would be much easier to maintain a list of forbidden addresses if you had a 6.2 or later version, as they allow you to create an object group with all the undesired IP addresses and block them all with only an entry on the ACL.

Regards.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card