Add Access rules for block listing

Access rules define which connections are checked against the block list.

By default, Engines and Layer 2 Engines do not enforce the block list. To enforce the block list, you must define the points at which the block list is checked.

The default High Security IPS Template and Medium Security IPS Template contain Access rules that apply the Secure SD-WAN Engine's block list. If your IPS policy is based on these templates, it is not necessary to add Access rules for block listing. You can optionally add more Apply Block list rules with different matching criteria at different points in the policy.

Steps

  1. Open the Engine, IPS, Layer 2 Engine, or Layer 2 Interface Policy for editing.
    Block list enforcement for Virtual Engines is configured in the Engine Policy, IPS Policy, or Layer 2 Engine Policy that is used on the Virtual Engine.
  2. On the IPv4 Access or IPv6 Access tab, define which Sources, Destinations, and Services are compared with the block list.
  3. Right-click the Action cell and select Apply Block list.
  4. (Optional) Restrict which engines and servers are allowed to send block list requests.
    1. Right-click the Action cell and select Edit Options.
    2. On the Block listing tab, select Restricted for the Allowed Block listers for This Rule setting.
    3. From the Available Block listers list, select the elements that you want to add to the Allowed Block listers list and click Add.
      Add the Management Server to allow manual block listing through the Management Clients. Add the Log Server to allow it to relay block listing requests from other Secure SD-WAN Engines.
    4. Click OK.
    Note: By default, engines are allowed to add entries directly to their own block lists for traffic they inspect.
  5. Install the policy on the engine to activate the changes.

Next steps

No further configuration is needed if you want to block list connections manually.