I'm using the PreShun ACL option on my sensors...seems to work great and was an awesome addition to the functionality of these devices. However, I'm encountering one small issue. It may be just the manner in which I'm using this feature but wanted to see if anyone else had any thoughts.
Whenever I make changes to the preshun acl list I have to manually restart the daemons on my sensors, so that the new preshun acl is applied along with the normal shun acl. I would have thought the sensor would auto-magically re-read the preshun acl to build the normal shun list each time it needed to modify the router due to an event.
Is this correct? Is anyone else seeing this behavior?
Select an alarm seen by that sensor (The instructions say to do this, but I'm not familiar enough with the Event Viewer to be sure that you have to)
Actions->Advanced->Disable Future Blocks
Make your acl modifications to the router
Actions->Advanced->Enable Future Blocks
Also, pushing a new configuration (even if nothing changed) will force managed to reread the configuration on the router. But I really suggest using ShunEnable ShunDisable, because otherwise the router's configuration might be corrupted. Some routers don't handle multiple users editing the configuration at the speeds at which managed writes the configurations.
Just so you know, trying to have managed always check for changes was too much of a performance hit for managed, as well as the router, when shuns are coming in fast.
For the Unix Director:
Highlight the sensor (you may even have to highlight managed in the sensor's map)
Thanks for your help...think I have a handle on it now...one last thing however...is it possible to issue some command from the director to disable/enable the shunning versus going thru the GUI? This would allow me to code my scripts that update my pre_shun acl's to perform the appropriate actions.