Add Access rules for block listing

Access rules define which connections are checked against the block list.

By default, Firewalls and Layer 2 Firewalls do not enforce the block list. To enforce the block list, you must define the points at which the block list is checked.

The default High Security IPS Template and Medium Security IPS Template contain Access rules that apply the NGFW Engine's block list. If your IPS policy is based on these templates, it is not necessary to add Access rules for block listing. You can optionally add more Apply Block list rules with different matching criteria at different points in the policy.

Steps

  1. Open the Firewall, IPS, Layer 2 Firewall, or Layer 2 Interface Policy for editing.
    Block list enforcement for Virtual NGFW Engines is configured in the Firewall Policy, IPS Policy, or Layer 2 Firewall Policy that is used on the Virtual NGFW Engine.
  2. On the IPv4 Access or IPv6 Access tab, define which Sources, Destinations, and Services are compared with the block list.
  3. Right-click the Action cell and select Apply Block list.
  4. (Optional) Restrict which engines and servers are allowed to send block list requests.
    1. Right-click the Action cell and select Edit Options.
    2. On the Block listing tab, select Restricted for the Allowed Block listers for This Rule setting.
    3. From the Available Block listers list, select the elements that you want to add to the Allowed Block listers list and click Add.
      Add the Management Server to allow manual block listing through the Management Clients. Add the Log Server to allow it to relay block listing requests from other NGFW Engines.
    4. Click OK.
    Note: By default, engines are allowed to add entries directly to their own block lists for traffic they inspect.
  5. Install the policy on the engine to activate the changes.

Next steps

No further configuration is needed if you want to block list connections manually.