Add Access rules for blacklisting

Access rules define which connections are checked against the blacklist.

By default, Firewalls and Layer 2 Firewalls do not enforce the blacklist. To enforce the blacklist, you must define the points at which the blacklist is checked.

The default High Security IPS Template and Medium Security IPS Template contain Access rules that apply the Engine's blacklist. If your IPS policy is based on these templates, it is not necessary to add Access rules for blacklisting. You can optionally add more Apply Blacklist rules with different matching criteria at different points in the policy.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Open the Firewall, IPS, Layer 2 Firewall, or Layer 2 Interface Policy for editing.
    Blacklist enforcement for Virtual Engines is configured in the Firewall Policy, IPS Policy, or Layer 2 Firewall Policy that is used on the Virtual Engine.
  2. On the IPv4 Access or IPv6 Access tab, define which Sources, Destinations, and Services are compared with the blacklist.
  3. Right-click the Action cell and select Apply Blacklist.
  4. (Optional) Restrict which engines and servers are allowed to send blacklist requests.
    1. Right-click the Action cell and select Edit Options.
    2. On the Blacklisting tab, select Restricted for the Allowed Blacklisters for This Rule setting.
    3. From the Available Blacklisters list, select the elements that you want to add to the Allowed Blacklisters list and click Add.
      Add the Management Server to allow manual blacklisting through the Management Clients. Add the Log Server to allow it to relay blacklisting requests from other Engines.
    4. Click OK.
    Note: By default, engines are allowed to add entries directly to their own blacklists for traffic they inspect.
  5. Install the policy on the engine to activate the changes.

Next steps

No further configuration is needed if you want to blacklist connections manually.