Blocking is an Alert Logic® network intrusion detection system (IDS) feature that instructs the customer's firewall to drop network connections and traffic from designated addresses. This prevents threats from reaching customers' environments at the perimeter.
This article lists the commands the Alert Logic appliance issues to the firewall to enable or disable blocking for an IP address. The network IDS currently supports four firewall configurations for auto-blocking: Cisco ASA/PIX (SSH), Cisco PIX (Telnet), Juniper (NetScreen), and Juniper (SRX).
Note: The following information applies only to Alert Logic customers with Cloud Defender entitlements.
Cisco ASA/PIX (SSH)
The following commands are executed on a Cisco ASA/PIX device to block or unblock a source or destination address. shun is executed for a block and no shun for an unblock.
- Log in via SSH with Username & Password
> enable (Requests Password)
# shun <address/netmask>
# no shun <address/netmask>
# quit
Cisco PIX (Telnet)
The following commands are executed on a Cisco PIX device to block or unblock a source or destination address. shun is executed for a block and no shun for an unblock.
- Log in via Telnet with Username & Password
> enable (Requests Password)
# shun <address/netmask>
# no shun <address/netmask>
# quit
Juniper (NetScreen)
The following commands are executed on a Juniper NetScreen device to block or unblock a source or destination address. set is executed for a block and unset for an unblock.
- Log in via SSH with Username & Password
-> set address Untrust "Address Book Entry" <address/netmask>
-> set group address Untrust <group name> add "Address Book Entry"
-> unset address Untrust "Address Book Entry" <address/netmask>
-> unset group address Untrust <group name> remove "Address Book Entry"
-> exit
Note: The <group name> parameter refers to the group name configured in the Alert Logic console. This group name is used to add the Address Book Entry to the Untrust (Deny) group on the Juniper NetScreen.
Juniper (SRX)
The following commands are executed on a Juniper SRX device to block or unblock a source or destination address. set is executed for a block and delete for an unblock.
- Log in via SSH with Username & Password
% cli
> configure
# set policy-options prefix-list <group name> <address>/<netmask>
# delete policy-options prefix-list <group name> <address>/<netmask>
# commit
> exit
Note: The <group name> parameter refers to the group name configured in the Alert Logic console. This group name is used as the prefix-list that has already been pre-configured for blocking on the Juniper SRX.
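A defender-side guardrail around the four command sequences above, as an added example that is not Alert Logic's code: it refuses a target whose mask is too broad or that falls inside a protected prefix (the never-block prefixes, minimum mask, group name and entry name are constructed for the example), then renders the block command and its matching unblock command for the Cisco, NetScreen and SRX forms following the templates in this article.

```python
"""Guardrail plus block/unblock command rendering for IDS auto-block targets."""
import ipaddress

# Added example, not Alert Logic code. Policy values below are constructed:
# prefixes the appliance must never shun and the widest mask an auto-block may use.
NEVER_BLOCK = [ipaddress.ip_network(p) for p in ("10.0.0.0/8", "192.0.2.0/24")]
MIN_PREFIXLEN = 24  # anything broader than a /24 is refused


def refusal_reason(cidr):
    """Return None if cidr may be auto-blocked, else a string saying why not."""
    try:
        net = ipaddress.ip_network(cidr, strict=False)
    except ValueError:
        return f"{cidr}: not a valid network"
    if net.version != 4:
        return f"{cidr}: only IPv4 targets are rendered here"
    if net.prefixlen < MIN_PREFIXLEN:
        return f"{cidr}: mask broader than /{MIN_PREFIXLEN}"
    for protected in NEVER_BLOCK:
        if net.overlaps(protected):
            return f"{cidr}: overlaps protected prefix {protected}"
    return None


def render(platform, cidr, block=True, group="AL_Blocked"):
    """Return the command lines from the article for one platform and action.

    platform: 'asa' (Cisco ASA/PIX, shun over SSH or Telnet), 'netscreen', 'srx'.
    group stands for the group name configured in the Alert Logic console.
    """
    reason = refusal_reason(cidr)
    if reason:
        raise ValueError(reason)  # never hand a refused target to the firewall
    net = ipaddress.ip_network(cidr, strict=False)
    if platform == "asa":
        verb = "shun" if block else "no shun"
        return ["enable", f"{verb} {net.with_netmask}", "quit"]
    entry = f"AL_{net.network_address}"  # address-book entry name, constructed
    if platform == "netscreen":
        act, grp = ("set", "add") if block else ("unset", "remove")
        return [f'{act} address Untrust "{entry}" {net.with_netmask}',
                f'{act} group address Untrust {group} {grp} "{entry}"', "exit"]
    if platform == "srx":
        verb = "set" if block else "delete"
        return ["cli", "configure",
                f"{verb} policy-options prefix-list {group} {net.with_prefixlen}",
                "commit", "exit"]
    raise ValueError(f"unknown platform {platform!r}")
```

Every block rendered here has an exact inverse (block=False), so the list of shunned addresses can always be rolled back once an alert is closed.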
Note: For more information about Alert Logic blocking configurations, refer to the following article.