Block Source IP Addresses
You can block a source IP address from accessing either all applications or only selected applications. The block operation requires the listed policy rules to be edited to block the source IP address from accessing one or more applications. Then you can view the policy changes by clicking the policy name or view affected devices by clicking the device count. Also, you can click the policy to view the affected rules, edit the rules, and save them, if required.
Starting in Junos Space Security Director Release 21.1, when unified policy rules permit the traffic, selecting block action creates block rules in the appropriate unified policy.
To block the source IP address:
- Select Monitor > Applications.
The Application Visibility page is displayed.
- Click the SOURCE IP tab.
The top 50 source IPs are displayed.
- In the Chart View, hover over the source IP address you
want to block.
A pop up window is displayed with information on the number of sessions, bandwidth consumption, and top five applications of that particular IP address.
Click View All Applications to view all the applications of the source IP address on the APPLICATIONS-Grid View tab. You can select an application and block it by clicking Block Application.
- Click Block IP to block the source IP address
from accessing all applications.
The Block Application page is displayed.
Block the source IP address from accessing a particular application by selecting the application listed under the Top 5 Applications table, and then click Block Application(s).
The Block User page is displayed. All the policies that need to be edited to block the IP address from accessing the applications are listed under the Policy Name column.
- Select Run now to immediately publish or update the changes or select Schedule at a later time to publish or update the changes later.
- Click Save to save the configuration settings.
Click Publish to publish the changes.
Click Update to update the changes.