Blacklist traffic manually
You can blacklist traffic manually on Firewalls, IPS engines, and Layer 2 Firewalls.
For example, you can temporarily block a suspicious or disruptive source of communications while you conduct further investigations.
There are three ways to create new blacklist entries manually.
- Blacklist a connection found in the log data.
- Define a new blacklist entry for an Engine element.
- Create new blacklist entries in the Blacklist view, Connections view, Monitoring view, and Logs view.
The blacklist is not necessarily applied to all traffic. The Access rules determine how the blacklist is used.
Note: If a connection is allowed by a rule placed above the blacklist rule in the Access rules, the connection is allowed regardless of the blacklist entries. Check the logs to see which connections are discarded based on blacklisting.
For more details about the product and how to configure features, click Help or press F1.
Steps
Blacklist Entry Properties dialog box
Use this dialog box to create a manual blacklist entry.
Option | Definition |
---|---|
Duration | The length of time that the blacklist lasts.
If you leave the value as 0, the entry only cuts the current connections. Otherwise, the entry is enforced for the specified period. |
Endpoint 1 |
|
Endpoint 2 |
|
Blacklist Executors | Contains the engines that can be added to the Selected Executors list. Select the engines that enforce the blacklist entry. |
Search | Opens a search field for the selected element list. |
Up (Backspace) | Returns to the previous folder. |
New | Opens the associated dialog box to create an element. |
Tools | Show Deleted Elements — Shows elements that have been moved to the Trash. |
Add | Adds the selected Blacklist Executors to the Selected Executors list. |
Remove | Removes the selected Blacklist Executors from the Selected Executors list. |
Selected Executors | Shows the Blacklist Executors that you have selected. |