Appendix A      Intrusion Detection System Architecture
Blocking with the PIX Firewall

Cisco Intrusion Detection System Appliance and Module Installation and Configuration Guide Version 4.1
78-15597-02

Caution: The PIX Firewall does not support connection blocking of hosts. When a connection block is applied, the PIX Firewall treats it like an unconditional block. The PIX Firewall also does not support network blocking. NAC never tries to apply a network block to a PIX Firewall.

This section describes the PIX Firewall and blocking.

This section contains the following topics:
• The shun Command, page A-25
• The PIX Firewall and AAA, page A-26
• Address Translation and Blocking, page A-26

The shun Command
NAC performs blocks on the PIX Firewall using the shun command. The shun command has the following formats:
• To block an IP address:
  shun srcip [destip sport dport [port]]
• To unblock an IP address:
  no shun ip
• To clear all blocks:
  clear shun
• To show active blocks or to show the global address that was actually blocked:
  show shun [ip_address]

NAC uses the response to the show shun command to determine whether the block was performed.

The shun command does not replace existing ACLs, conduits, or outbound commands, so there is no need to cache the existing PIX Firewall configuration, nor to merge blocks into the PIX configuration.
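As an added example (not Cisco's code and not taken from this guide), the following Python models the client side of what this section describes: building the shun forms listed above for host and connection blocks, declining network blocks the way NAC does, and reading show shun output to confirm that a block was performed. The BlockRequest type, the function names and the show shun line format used in the constructed sample are assumptions made for illustration.

```python
"""Added example (not Cisco's code): model how a NAC-style blocking client drives
the PIX 'shun' command and confirms a block from 'show shun' output.

Assumptions, labelled: the BlockRequest type, the function names and the
'show shun' line format in the constructed sample are illustrative only.
"""
import re
from dataclasses import dataclass
from typing import Optional, Set


@dataclass(frozen=True)
class BlockRequest:
    """A block NAC has been asked to apply (illustrative type, not from the manual)."""
    kind: str                         # "host", "connection" or "network"
    src_ip: str
    dst_ip: Optional[str] = None      # connection blocks only
    sport: Optional[int] = None
    dport: Optional[int] = None
    prefix_len: Optional[int] = None  # network blocks only


def pix_block_command(req: BlockRequest) -> Optional[str]:
    """Return the PIX command for a block request, or None if the PIX cannot honour it.

    Encodes the caveats stated in the manual:
    - network blocks are never sent to a PIX (NAC does not try), so return None;
    - connection blocks use the 'shun srcip destip sport dport' form, but the PIX
      still treats the result as an unconditional block on srcip.
    """
    if req.kind == "network":
        return None
    if req.kind == "host":
        return f"shun {req.src_ip}"
    if req.kind == "connection":
        if None in (req.dst_ip, req.sport, req.dport):
            raise ValueError("connection block needs dst_ip, sport and dport")
        return f"shun {req.src_ip} {req.dst_ip} {req.sport} {req.dport}"
    raise ValueError(f"unknown block kind: {req.kind}")


def pix_unblock_command(ip: str) -> str:
    """'no shun ip' removes the block on one address."""
    return f"no shun {ip}"


PIX_CLEAR_ALL_BLOCKS = "clear shun"   # removes every active block

# Assumed 'show shun' line format for the constructed sample below:
#   shun (<interface>) <srcip> <destip> <sport> <dport>
_SHUN_LINE = re.compile(r"^shun \((\S+)\) (\S+)")


def shunned_addresses(show_shun_output: str) -> Set[str]:
    """Parse 'show shun' output into the set of source addresses currently shunned."""
    found: Set[str] = set()
    for line in show_shun_output.splitlines():
        m = _SHUN_LINE.match(line.strip())
        if m:
            found.add(m.group(2))
    return found


def block_was_performed(show_shun_output: str, src_ip: str) -> bool:
    """What NAC checks: is the requested source address present in 'show shun'?

    Only the source address is checked, because the PIX applies any shun as an
    unconditional block on that address regardless of connection qualifiers.
    """
    return src_ip in shunned_addresses(show_shun_output)


# Constructed sample output (not captured from a real PIX).
SHOW_SHUN_SAMPLE = """\
shun (outside) 10.1.1.27 0.0.0.0 0 0
shun (outside) 192.0.2.44 198.51.100.9 3342 80
"""

if __name__ == "__main__":
    for req in (BlockRequest("host", "10.1.1.27"),
                BlockRequest("connection", "192.0.2.44", "198.51.100.9", 3342, 80),
                BlockRequest("network", "10.0.0.0", prefix_len=8)):
        cmd = pix_block_command(req)
        print(f"{req.kind:10} -> {cmd if cmd else 'not sent (unsupported on PIX)'}")
    print("10.1.1.27 blocked:", block_was_performed(SHOW_SHUN_SAMPLE, "10.1.1.27"))
```

The verification step deliberately matches on the source address alone: since the PIX turns any connection block into an unconditional block, a client that looked for the destination and port qualifiers in show shun output would wrongly report the block as not applied.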
System Components
A-25