Configuring Blocking Properties; Allowing The Sensor To Block Itself - Cisco 4215 - Intrusion Detection Sys Sensor Configuration Manual

Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0

Note: We support VACL blocking on the Supervisor Engine and ACL blocking on the MSFC.

- PIX Firewall with version 6.0 or later (shun command)
  - 501
  - 506E
  - 515E
  - 525
  - 535
- ASA with version 7.0 or later (shun command)
  - ASA-5510
  - ASA-5520
  - ASA-5540
- FWSM 1.1 or later (shun command)

You configure blocking using either ACLs, VACLs, or the shun command. All firewall and ASA models support the shun command.

Configuring Blocking Properties

You can change the default blocking properties. It is best to use the default properties, but if you need to change them, use the following procedures:

- Allowing the Sensor to Block Itself
- Disabling Blocking
- Setting Maximum Block Entries
- Setting the Block Time
- Enabling ACL Logging
- Enabling Writing to NVRAM
- Logging All Blocking Events and Errors
- Configuring the Maximum Number of Blocking Interfaces
- Configuring Addresses Never to Block

Allowing the Sensor to Block Itself

Use the allow-sensor-block [true | false] command in the service network-access submode to configure the sensor to block itself.

Caution: We recommend that you do not permit the sensor to block itself, because it may stop communicating with the blocking device. You can configure this option if you can ensure that, should the sensor create a rule to block its own IP address, the rule will not prevent the sensor from accessing the blocking device.
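
The check behind the Caution on allow-sensor-block, as an added example (not code from the Cisco guide): before permitting self-blocking, an operator can test the block entries the sensor is expected to create against the sensor's own address and the addresses that must never be blocked. The function names, the input format, and the sample addresses (documentation ranges) are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample data (RFC 5737 documentation ranges, not real hosts).
SAMPLE_SENSOR = "192.0.2.10"          # sensor's own address (assumed)
SAMPLE_NEVER_BLOCK = ["192.0.2.1"]    # e.g. the blocking device (assumed)
SAMPLE_BLOCKS = ["203.0.113.45", "192.0.2.0/28", "192.0.2.1",
                 "198.51.100.0/24", "not-an-ip"]


def audit_blocks(block_entries, sensor_ip, never_block=()):
    """Classify each block entry (host or CIDR string) for operator review.

    Returns a dict mapping entry -> one of:
      "self-block"  : the entry covers the sensor's own address
      "never-block" : the entry overlaps an address that must never be blocked
      "invalid"     : the entry is not a valid host or network
      "ok"          : none of the above
    This is an operator-side check, not a model of the sensor's internals.
    """
    sensor = ipaddress.ip_address(sensor_ip)
    protected = [ipaddress.ip_network(n, strict=False) for n in never_block]
    result = {}
    for entry in block_entries:
        try:
            # strict=False accepts host bits, so "192.0.2.10/28" also parses.
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            result[entry] = "invalid"
            continue
        if sensor in net:
            result[entry] = "self-block"
        elif any(net.overlaps(p) for p in protected):
            result[entry] = "never-block"
        else:
            result[entry] = "ok"
    return result


def needs_review(block_entries, sensor_ip, never_block=()):
    """Return only the entries an operator must look at before applying."""
    audit = audit_blocks(block_entries, sensor_ip, never_block)
    return [e for e in block_entries if audit[e] != "ok"]


if __name__ == "__main__":
    for entry, verdict in audit_blocks(
            SAMPLE_BLOCKS, SAMPLE_SENSOR, SAMPLE_NEVER_BLOCK).items():
        print(f"{entry:18} {verdict}")
```

A network entry such as 192.0.2.0/28 is flagged even though it never names the sensor directly, which is the case most easily missed when reviewing block rules by eye.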
Chapter 10
Configuring Blocking
78-16527-01
