It would be nice if it worked the way the "Send Popup Message" active response does. In our current configuration one of our firewalls will automatically block attacker IP addresses but we would like to then update the rest of the firewalls with those blocked addresses. If the block IP command does a blast to all active response connected firewalls this would cause a double entry on the firewall that originally detected the attack so it looks like we will have to handle this another way for now. Thank you for explaining how this works currently.
↧