Block list traffic manually
You can block list traffic manually on Engines, IPS engines, and Layer 2 Engines.
For example, you can temporarily block a suspicious or disruptive source of communications while you conduct further investigations.
There are three ways to create new block list entries manually.
- Block list a connection found in the log data.
- Define a new block list entry for a Secure SD-WAN Engine element.
- Create new block list entries in the Block list view, Connections view, Monitoring view, and Logs view.
The block list is not necessarily applied to all traffic. The Access rules determine how the block list is used.
Note: If a connection is allowed by a rule placed above the block list rule in the Access rules, the connection is allowed regardless of the block list entries. Check the logs to see which connections are discarded based on block listing.
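The rule-order behaviour in the note can be checked offline before relying on a manual entry. The following is an added example, not code from the product or its documentation: a simplified first-match model of an Access rule list that reports block list entries an earlier allow rule would shadow. The rule names, the `apply_blocklist` action label, the addresses, and the treatment of Endpoint 1 as source and Endpoint 2 as destination are all assumptions made for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Rule:                 # hypothetical, simplified Access rule
    name: str
    source: str             # CIDR
    destination: str        # CIDR
    action: str             # "allow", "discard" or "apply_blocklist"

@dataclass
class BlockEntry:           # hypothetical manual block list entry (host pair)
    endpoint1: str          # assumed to be the source address
    endpoint2: str          # assumed to be the destination address

def covers(cidr, addr):
    return ip_address(addr) in ip_network(cidr)

def evaluate(rules, entries, src, dst):
    """Walk the rules top-down and return (verdict, deciding rule name)."""
    for rule in rules:
        if not (covers(rule.source, src) and covers(rule.destination, dst)):
            continue
        if rule.action == "apply_blocklist":
            if any(e.endpoint1 == src and e.endpoint2 == dst for e in entries):
                return ("discard", rule.name)
            continue        # no entry matched, keep evaluating lower rules
        return (rule.action, rule.name)
    return ("no_match", None)

def shadowed(rules, entries):
    """Entries whose traffic is allowed before the block list rule is reached."""
    found = []
    for e in entries:
        verdict, name = evaluate(rules, entries, e.endpoint1, e.endpoint2)
        if verdict == "allow":
            found.append((e, name))
    return found

# Constructed sample policy and entries (documentation address ranges).
RULES = [
    Rule("Allow partner VPN", "198.51.100.0/24", "10.0.0.0/8", "allow"),
    Rule("Apply block list", "0.0.0.0/0", "0.0.0.0/0", "apply_blocklist"),
    Rule("Allow web", "0.0.0.0/0", "10.0.5.0/24", "allow"),
]
ENTRIES = [
    BlockEntry("198.51.100.23", "10.0.5.10"),   # shadowed by the first rule
    BlockEntry("203.0.113.7", "10.0.5.10"),     # enforced by the second rule
]

if __name__ == "__main__":
    for entry, rule_name in shadowed(RULES, ENTRIES):
        print(f"{entry.endpoint1} -> {entry.endpoint2} is allowed by '{rule_name}'")
```

An entry reported here would never take effect in this model, which is the case the note asks you to confirm in the logs.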
For more details about the product and how to configure features, click Help or press F1.
Steps
Block list Entry Properties dialog box
Use this dialog box to create a manual block list entry.
Option | Definition |
---|---|
Duration | The length of time that the block list lasts. If you leave the value as 0, the entry only cuts the current connections. Otherwise, the entry is enforced for the specified period. |
Endpoint 1 | |
Endpoint 2 | |
Block list Executors | Contains the engines that can be added to the Selected Executors list. Select the engines that enforce the block list entry. |
Search | Opens a search field for the selected element list. |
Up (Backspace) | Returns to the previous folder. |
New | Opens the associated dialog box to create an element. |
Tools | Show Deleted Elements — Shows elements that have been moved to the Trash. |
Add | Adds the selected Block list Executors to the Selected Executors list. |
Remove | Removes the selected Block list Executors from the Selected Executors list. |
Selected Executors | Shows the block list Executors that you have selected. |