
Blocking Threat Events

 

Starting in Junos Space Security Director Release 16.1, you can block all traffic, or only the inbound or only the outbound traffic, for a selected country. When you click a country on the threat map, the country page appears with details on total threat events since midnight, followed by inbound and outbound threat events. You can see the top five inbound and outbound IP addresses and select one or more of them to block.

Blocking an IP address or a country requires policy rules to be edited. View policy changes by clicking the policy name or view affected devices by clicking the device count. Only policies permitting this traffic in the past 30 days are shown.

Click View Details to see more details for the country on the right panel. Click View All to view all the inbound and outbound IP addresses.

Note

Starting in Junos Space Security Director Release 21.1, when unified policy rules permit the traffic, selecting the block action creates block rules in the appropriate unified policy.

The following block operations are described:

  • To block IP addresses

  • To block all traffic

  • To block outbound traffic

  • To block inbound traffic

To block IP addresses:

  1. Select Monitor > Threats Map (Live).

    A geographical map is displayed with incoming and outgoing traffic.

  2. Click a country in the map.

    The corresponding country page appears with details on the threat events since midnight, as well as the top five inbound and outbound IP addresses. You can also view the details of the inbound and outbound events for the selected country.

  3. Click the Inbound or the Outbound tab, and then select one or more IP addresses.
  4. Click Block IP Address.

    The Block (Outbound or Inbound) IP Address page appears with policies that contain the rules. The listed policies are edited to block all inbound or outbound traffic from the selected IP addresses.

  5. Click a policy.

    The Policy Changes Preview page appears with the number of rules added, modified, and deleted. You can preview the policy rules.

  6. Click OK to close the Policy Changes Preview page.
  7. Click Save to save your changes.
  8. Click Publish to publish your changes.
  9. Click Update to update your changes.

To block all traffic:

  1. Select Monitor > Threats Map (Live).

    A geographical map is displayed with incoming and outgoing traffic.

  2. Click a country.

    The corresponding country page appears with details on the threat events since midnight, as well as the top five inbound and outbound IP addresses. You can view the details of the inbound and outbound events for the selected country.

  3. Click Block all traffic to block all traffic from the selected country.

    The Block all traffic page is displayed with the policies that contain the rules to be edited to block all the traffic from the selected country.

  4. Click a policy.

    The Policy Changes Preview page is displayed with the number of rules added, modified, and deleted. You can preview the rules.

  5. Click OK to close the Policy Changes Preview page.
  6. Click Save to save your changes.
  7. Click Publish to publish your changes.
  8. Click Update to update your changes.

You can block traffic sent from one country to another country (outbound traffic). To block outbound traffic:

  1. Select Monitor > Threats Map (Live).

    A geographical map is displayed with incoming and outgoing traffic.

  2. Click a country that is sending traffic to another country.

    The corresponding country page appears with details on the threat events since midnight, as well as the top five inbound and outbound IP addresses.

  3. Click Block outbound.

    The Block Outbound page is displayed with the policies that contain the rules to be edited to block all outbound traffic from the selected country.

  4. Click a policy.

    The Policy Changes Preview page is displayed with the number of rules added, modified, and deleted. You can preview the rules.

  5. Click OK to close the Policy Changes Preview page.
  6. Click Save to save your changes.
  7. Click Publish to publish your changes.
  8. Click Update to update your changes.

You can block traffic coming to a country from another country (inbound traffic). To block inbound traffic:

  1. Select Monitor > Threats Map (Live).

    A geographical map is displayed with incoming and outgoing traffic.

  2. Click a country that is receiving traffic from another country.

    The corresponding country page appears with details on the threat events since midnight, as well as the top five inbound and outbound IP addresses.

  3. Click Block inbound.

    The Block Inbound page is displayed with the policies that contain the rules to be edited to block all the inbound traffic to the destination country.

  4. Click a policy.

    The Policy Changes Preview page is displayed with the number of rules added, modified, and deleted. You can preview the rules.

  5. Click OK to close the Policy Changes Preview page.
  6. Click Save to save your changes.
  7. Click Publish to publish your changes.
  8. Click Update to update your changes.

Release History Table
Release
Description
Starting in Junos Space Security Director Release 16.1, you can block all traffic, or only the inbound or only the outbound traffic, for a selected country.