Block list traffic manually

You can block list traffic manually on Engines, IPS engines, and Layer 2 Engines.

For example, you can temporarily block a suspicious or disruptive source of communications while you conduct further investigations.

There are three ways to create new block list entries manually.
  • Block list a connection found in the log data.
  • Define a new block list entry for an Secure SD-WAN Engine element.
  • Create new block list entries in the Block list view, Connections view, Monitoring view, and Logs view.
The block list is not necessarily applied to all traffic. The Access rules determine how the block list is used.
Note: If a connection is allowed by a rule placed above the block list rule in the Access rules, the connection is allowed regardless of the block list entries. Check the logs to see which connections are discarded based on block listing.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Create a new block list entry in one of the following ways:
    • In the Block list view, Connections view, or Logs view — Right-click a row in the table and select New Block list Entry or New Entry.
    • To create a block list entry for a specific Secure SD-WAN Engine — Right-click the Secure SD-WAN Engine element in the Connections view, Monitoring view, or Logs view, and select New Block list Entry or Block list > New Entry.
  2. Select the Duration for how long this entry will be kept.
    • If you leave the value as 0, the entry only stops the current connections. Otherwise, the entry is enforced for the specified period of time.
  3. Select the Address to block list for Endpoint 1 and Endpoint 2.
  4. (Only if the protocol is TCP or UDP) Select the Port to block list for Endpoint 1 and Endpoint 2.
  5. Select the Block list Executors that enforce the block list entry.
  6. Click OK.
    The block list entry is sent to the executor and the traffic is blocked.

Block list Entry Properties dialog box

Use this dialog box to create a manual block list entry.

Option Definition
Duration The length of time that the block list lasts.

If you leave the value as 0, the entry only cuts the current connections. Otherwise, the entry is enforced for the specified period.

Endpoint 1
  • Address — Select the address and port to block list for endpoint 1.
    • Any — Matches any IP address.
    • Predefined — Matches the specific IP address and prefix you enter in the field. For example, the /24 prefix block lists all addresses in the same C-class network. The default /32 prefix block lists only the specific IP address you enter.
  • Port — Shows the port range of the endpoint. You can change this value.
    • Ignored — Matches any port.
    • Predefined TCP — Matches the specific source and destination ports that you enter in the fields.
    • Predefined UDP — Matches the specific source and destination ports that you enter in the fields.
Endpoint 2
  • Address — Select the address and port to block list for endpoint 2.
    • Any — Matches any IP address.
    • Predefined — Matches the specific IP address and prefix you enter in the field. For example, the /24 prefix block lists all addresses in the same C-class network. The default /32 prefix block lists only the specific IP address you enter.
  • Port — Shows the port range of the endpoint. You can change this value.
    • Ignored — Matches any port.
    • Predefined TCP — Matches the specific source and destination ports that you enter in the fields.
    • Predefined UDP — Matches the specific source and destination ports that you enter in the fields.
Block list Executors Contains the engines that can be added to the Selected Executors list. Select the engines that enforce the block list entry.
Search Opens a search field for the selected element list.
Up (Backspace) Returns to the previous folder.
New Opens the associated dialog box to create an element.
Tools Show Deleted Elements — Shows elements that have been moved to the Trash.
Add Adds the selected Block list Executors to the Selected Executors list.
Remove Removes the selected Block list Executors from the Selected Executors list.
Selected Executors Shows the block list Executors that you have selected.