I am trying to set up shunning from multiple sensors with one shunning device. The user manual does not explain how to do this. Also, I am a little confused about the definition of a "shunning server". Is it the sensor that is managing the device that shuns, or is it the sensor that would like to send shun commands to the managed device via the sensor that is managing it?
The sensors are set up in the following manner:
SNR1 is configured with a managed device "Router" and is able to shun would-be attackers. I would like SNR2 to be able to send shun commands to the same managed device without having to configure SNR2 with a managed device. How would one accomplish this? The user manual states that you can do this but doesn't really go into the setup of it.
"When installing an IDS system with multiple Sensors, only one of the Sensors can actually control the device. The other Sensors have to forward their shun/unshun requests to that Sensor.
To control a device from multiple Sensors, perform the following steps:
Step 1 Determine which Sensor will control the device. This Sensor is designated as the shun server. The other Sensors are designated as shunning clients.
Step 2 Configure the shun server Sensor for device control normally.
Step 3 For the shunning client Sensors, use the Director or Cisco Secure PM to designate the shun server. The resulting entry in managed.conf will be the following:
Where hostname.orgname specifies the Sensor that is controlling the device.
If you are using the UNIX Director, you must also make some other settings. The appropriate auths, routes, and hosts files have to be updated on both the client and server Sensors in order to support IDS communications."
I have configured the client sensor as stated above. Once a shun occurs that originated from a shunning client, on which sensor's shun-list will the shun show up? The shunning server, the client, or both?