
IP Blocking

The TOE supports the definition of known-good and known-bad lists of source and/or destination addresses at the firewall rule level. A list entry can be a single IP or a range of IPs. Address ranges are defined by creating address book entries and attaching them to firewall policies. Addresses in known-good lists are combined with a ‘permit’ action in the firewall policies, while those in known-bad lists are combined with a ‘deny’ action. Security administrators are the only ones capable of defining IPS policy elements for the known-good and known-bad lists.

To implement IP blocking, administrators must first create address book entries for the known-good and known-bad hosts or ranges. These entries are then grouped into address sets and referenced in security policies to enforce the appropriate permit or deny actions. The following steps provide the configuration procedure.

  1. Define known good single IP address:

  2. Define known good IP range using range-address:

  3. Define known bad single IP address:

  4. Define known bad IP range using range-address:

  5. Create known good address set:

  6. Create known bad address set:

  7. Deny traffic from known bad addresses:

  8. Allow traffic from known good addresses:

  9. Commit configuration:

  10. Verify address book:

  11. Verify policies:

  12. To delete existing address entries from address books:

Configuration Examples:

Create a single entry of a known-bad address and an additional entry with a range of known-bad addresses:

Create a single entry of a known-good address and an additional entry with a range of known-good addresses:

Apply the address book entries to two security policies to deny and accept the same address entries with the deny policy being applied first:

Apply the address book entries to two security policies to deny and accept the same address entries with the accept policy being applied first:
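The twelve-step procedure and the configuration examples above describe the same workflow; the following is an added, end-to-end example in Junos CLI `set` syntax and is not the configuration from the original page. The zone names (`untrust`, `trust`), the address-book entry and set names, the policy names, and the addresses themselves (taken from the 192.0.2.0/24 and 198.51.100.0/24 documentation ranges) are all assumptions chosen for illustration. The `insert ... before` command used to reorder policies is standard Junos and is included because the two policy examples differ only in which policy is evaluated first.

```junos
## Steps 1-4: address book entries (constructed addresses, documentation ranges)
set security address-book global address known-good-host 198.51.100.10/32
set security address-book global address known-good-range range-address 198.51.100.100 to 198.51.100.200
set security address-book global address known-bad-host 192.0.2.10/32
set security address-book global address known-bad-range range-address 192.0.2.100 to 192.0.2.200

## Steps 5-6: group the entries into address sets so policies reference one name
set security address-book global address-set known-good-set address known-good-host
set security address-book global address-set known-good-set address known-good-range
set security address-book global address-set known-bad-set address known-bad-host
set security address-book global address-set known-bad-set address known-bad-range

## Step 7: deny traffic from known-bad sources (logged so the block is visible in SIEM)
set security policies from-zone untrust to-zone trust policy deny-known-bad match source-address known-bad-set
set security policies from-zone untrust to-zone trust policy deny-known-bad match destination-address any
set security policies from-zone untrust to-zone trust policy deny-known-bad match application any
set security policies from-zone untrust to-zone trust policy deny-known-bad then deny
set security policies from-zone untrust to-zone trust policy deny-known-bad then log session-init

## Step 8: permit traffic from known-good sources
set security policies from-zone untrust to-zone trust policy permit-known-good match source-address known-good-set
set security policies from-zone untrust to-zone trust policy permit-known-good match destination-address any
set security policies from-zone untrust to-zone trust policy permit-known-good match application any
set security policies from-zone untrust to-zone trust policy permit-known-good then permit
set security policies from-zone untrust to-zone trust policy permit-known-good then log session-init

## Policies are evaluated top-down, first match wins. If an address appears in both
## sets, the ordering decides the outcome. This keeps the deny policy first
## (the "deny policy being applied first" case above):
insert security policies from-zone untrust to-zone trust policy deny-known-bad before policy permit-known-good

## Step 9: activate the candidate configuration
commit

## Steps 10-11: verification
show security address-book
show security policies from-zone untrust to-zone trust

## Step 12: remove an entry that is no longer needed. Junos refuses to delete an
## address that is still referenced by an address-set, so remove the reference first.
delete security address-book global address-set known-bad-set address known-bad-host
delete security address-book global address known-bad-host
commit
```

The known-good policy is deliberately not a blanket allow: it still matches on the set of known-good source addresses, so the fail-closed default (no matching policy means the session is denied) remains in force for everything else. To reproduce the "accept policy being applied first" variant, replace the `insert` line with `insert security policies from-zone untrust to-zone trust policy permit-known-good before policy deny-known-bad` and confirm the resulting order with `show security policies`.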