Blocking Source IP Addresses
You can block a source IP address from accessing either all applications or only selected applications by editing policy rules. Then you can view the policy changes by clicking the policy name or view affected devices by clicking the device count. Also, you can click the policy to view the affected rules, edit the rules, and save them, if required.
Starting in Junos Space Security Director Release 21.1, when unified policy rules permit the traffic, selecting block action creates block rules in the appropriate unified policy.
To block the source IP address:
- Select Monitor > Source IP.
The Source IP Visibility page appears.
- In the Chart View, hover over the source IP address for
which you want to block applications.
A pop up window appears showing the information on the number of sessions, bandwidth consumption, and top five applications of that particular IP address.
Note Click View All Applications to view all the applications of the source IP address on the Application Visibility page. You can select an application and block it by clicking Block Application.
- Block the source IP address from accessing all applications
by clicking Block IP.
The Block Application page appears.
Block the source IP address from accessing a particular application by selecting the application listed under the Top 5 Applications table, and then click Block Application(s).
The Block User page appears. All the policies that need to be edited to block the IP address from accessing the applications are listed under the Policy Name column.
- Select the required policies to edit the rules to block the IP address.
- Select Run now to immediately publish or update the changes or select Schedule at a later time to publish or update the changes later.
- Click Save to save the configuration settings.
Click Publish to publish the changes.
Click Update to update the changes.